Book Image

Kubernetes in Production Best Practices

By : Aly Saleh, Murat Karslioglu
Book Image

Kubernetes in Production Best Practices

By: Aly Saleh, Murat Karslioglu

Overview of this book

Although out-of-the-box solutions can help you to get a cluster up and running quickly, running a Kubernetes cluster that is optimized for production workloads is a challenge, especially for users with basic or intermediate knowledge. With detailed coverage of cloud industry standards and best practices for achieving scalability, availability, operational excellence, and cost optimization, this Kubernetes book is a blueprint for managing applications and services in production. You'll discover the most common way to deploy and operate Kubernetes clusters, which is to use a public cloud-managed service from AWS, Azure, or Google Cloud Platform (GCP). This book explores Amazon Elastic Kubernetes Service (Amazon EKS), the AWS-managed version of Kubernetes, for working through practical exercises. As you get to grips with implementation details specific to AWS and EKS, you'll understand the design concepts, implementation best practices, and configuration applicable to other cloud-managed services. Throughout the book, you’ll also discover standard and cloud-agnostic tools, such as Terraform and Ansible, for provisioning and configuring infrastructure. By the end of this book, you’ll be able to leverage Kubernetes to operate and manage your production environments confidently.

Related Content you might be interested in

Current Title:

Small book image
Kubernetes in Production Best Practices
Aly Saleh | Murat Karslioglu
Mar, 2021 | 292 pages
Small book image
Kubernetes - A Complete DevOps Cookbook
Murat Karslioglu
Mar, 2020 | 584 pages
Small book image
Cloud Native with Kubernetes
Alexander Raul
Jan, 2021 | 446 pages
Small book image
Mastering Elastic Kubernetes Service on AWS
Malcolm Orr | YangXin Cao Eason
Jul, 2023 | 448 pages
Table of Contents (12 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Chapter 1: Introduction to Kubernetes Infrastructure and Production-Readiness
Chapter 1: Introduction to Kubernetes Infrastructure and Production-Readiness
The basics of Kubernetes infrastructure
Why Kubernetes is challenging in production
Kubernetes production-readiness
Kubernetes infrastructure best practices
Cloud-native approach
Summary
Further reading
Free Chapter
2
Chapter 2: Architecting Production-Grade Kubernetes Infrastructure
Chapter 2: Architecting Production-Grade Kubernetes Infrastructure
Understanding Kubernetes infrastructure design considerations
Exploring Kubernetes deployment strategy alternatives
Designing an Amazon EKS infrastructure
Summary
Further reading
3
Chapter 3: Provisioning Kubernetes Clusters Using AWS and Terraform
Chapter 3: Provisioning Kubernetes Clusters Using AWS and Terraform
Technical requirements
Implementation principles and best practices
Cluster deployment and rollout strategy
Preparing Terraform
Creating the network infrastructure
Creating the cluster infrastructure
Cleaning up and destroying infrastructure resources
Summary
Further reading
4
Chapter 4: Managing Cluster Configuration with Ansible
Chapter 4: Managing Cluster Configuration with Ansible
Technical requirements
Installing the required tools
Implementation principles
Kubernetes configuration management
Configuring the clusters
Destroying the cluster's resources
Summary
Further reading
5
Chapter 5: Configuring and Enhancing Kubernetes Networking Services
Chapter 5: Configuring and Enhancing Kubernetes Networking Services
Technical requirements
Introducing networking production readiness
Configuring Kube Proxy
Configuring the Amazon CNI plugin
Configuring CoreDNS
Configuring ExternalDNS
Configuring NGINX Ingress Controller
Deploying the cluster's network services
Destroying the cluster's resources
Summary
Further reading
6
Chapter 6: Securing Kubernetes Effectively
Chapter 6: Securing Kubernetes Effectively
Technical requirements
Securing Kubernetes infrastructure
Managing cluster access
Managing secrets and certificates
Securing workloads and apps
Ensuring cluster security and compliance
Bonus security tips
Deploying the security configurations
Destroying the cluster
Summary
Further reading
7
Chapter 7: Managing Storage and Stateful Applications
Chapter 7: Managing Storage and Stateful Applications
Technical requirements
Implementation principles
Understanding the challenges with stateful applications
Tuning Kubernetes storage
Choosing a persistent storage solution
Deploying stateful applications
Summary
Further reading
8
Chapter 8: Deploying Seamless and Reliable Applications
Chapter 8: Deploying Seamless and Reliable Applications
Technical requirements
Understanding the challenges with container images
Learning application deployment strategies
Scaling applications and achieving higher availability
Summary
Further reading
9
Chapter 9: Monitoring, Logging, and Observability
Chapter 9: Monitoring, Logging, and Observability
Technical requirements
Understanding the challenges with Kubernetes observability
Learning site reliability best practices
Monitoring, metrics, and visualization
Logging and tracing
Summary
Further reading
10
Chapter 10: Operating and Maintaining Efficient Kubernetes Clusters
Chapter 10: Operating and Maintaining Efficient Kubernetes Clusters
Technical requirements
Learning about cluster maintenance and upgrades
Preparing for backups and disaster recovery
Validating cluster quality
Summary
Further reading
Why subscribe?
11
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Bonus security tips

These are some general security best practices and tips that did not fit under any of the previous sections. However, I find them to be useful:

  1. Always keep Kubernetes updated to the latest version.
  2. Update worker AMIs to the latest version. You have to be cautious because this change could introduce some downtime, especially if you are not using a managed node group.
  3. Do not run Docker in Docker or mount the socket in a container.
  4. Restrict the use of hostPath or, if hostPath is necessary, restrict which prefixes can be used and configure the volume as read-only.
  5. Set requests and limits for each container to avoid resource contention and Denial of Service (DoS) attacks.
  6. Whenever possible, use an optimized operating system for running containers.
  7. Use immutable infrastructure, and automate the rotation of the cluster worker nodes.
  8. You should not enable the Kubernetes dashboard.
  9. Enable AWS VPC Flow Logs to capture metadata about...
Previous Section
End of Section 8
Next Section