Book Image

Kubernetes on AWS

By : Ed Robinson
Book Image

Kubernetes on AWS

By: Ed Robinson

Overview of this book

Docker containers promise to radicalize the way developers and operations build, deploy, and manage applications running on the cloud. Kubernetes provides the orchestration tools you need to realize that promise in production. Kubernetes on AWS guides you in deploying a production-ready Kubernetes cluster on the AWS platform. You will then discover how to utilize the power of Kubernetes, which is one of the fastest growing platforms for production-based container orchestration, to manage and update your applications. Kubernetes is becoming the go-to choice for production-grade deployments of cloud-native applications. This book covers Kubernetes from first principles. You will start by learning about Kubernetes' powerful abstractions - Pods and Services - that make managing container deployments easy. This will be followed by a guided tour through setting up a production-ready Kubernetes cluster on AWS, while learning the techniques you need to successfully deploy and manage your own applications. By the end of the book, you will have gained plenty of hands-on experience with Kubernetes on Amazon Web Services. You will also have picked up some tips on deploying and managing applications, keeping your cluster and applications secure, and ensuring that your whole system is reliable and resilient to failure.

Related Content you might be interested in

Current Title:

Small book image
Kubernetes on AWS
Ed Robinson
Nov, 2018 | 270 pages
Small book image
DevOps with Kubernetes.
HuiChuan Chloe Lee | ChengYang Wu | Hideto Saito
Jan, 2019 | 484 pages
Small book image
Kubernetes Cookbook
HuiChuan Chloe Lee | KeJou Carol Hsu | Hideto Saito
May, 2018 | 554 pages
Small book image
DevOps with Kubernetes
HuiChuan Chloe Lee | ChengYang Wu | Hideto Saito
Oct, 2017 | 382 pages
Table of Contents (12 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Google's Infrastructure for the Rest of Us
Google's Infrastructure for the Rest of Us
Why do I need a Kubernetes cluster?
Under the hood
Summary
2
Start Your Engines
Start Your Engines
Your own Kubernetes
Building and launching a simple application on Minikube
Summary
3
Reach for the Cloud
Reach for the Cloud
Cluster architecture
Creating an AWS account
Setting up a bastion
Instance profiles
Kubernetes software
Installing Kubeadm
Bootstrapping the cluster
Access the API from your workstation
Setting up pod networking
Launching worker nodes
Demo time
Summary
4
Managing Change in Your Applications
Managing Change in Your Applications
Running pods directly
Jobs
CronJob
Managing long running processes with deployments
DaemonSet
Summary
5
Managing Complex Applications with Helm
Managing Complex Applications with Helm
Installing Helm
Configuring a chart
Creating your own charts
Hooks
Packaging Helm charts
Organizational patterns for Helm
Next steps
6
Planning for Production
Planning for Production
The design process
Discovering requirements
Availability
Capacity
Performance
Security
Observability
Summary
7
A Production-Ready Cluster
A Production-Ready Cluster
Building a cluster
Getting started with Terraform
Control Plane
Preparing node images
Node group
Provisioning add-ons
Managing change
Summary
8
Sorry My App Ate the Cluster
Sorry My App Ate the Cluster
Resource requests and limits
Horizontal Pod Autoscaling
Summary
9
Storing State
Storing State
Volumes
Storage classes
StatefulSet
Summary
Further reading
10
Managing Container Images
Managing Container Images
Pushing Docker images to ECR
Tagging images
Labelling images
Summary
11
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Instance profiles

In order for Kubernetes to make use of its integrations with the AWS cloud APIs, we need to set up IAM instance profiles. An instance profile is a way for the Kubernetes software to authenticate with the AWS API, and for us to assign fine-grained permissions on the actions that Kubernetes can take.

It can be confusing to learn all of the permissions that Kubernetes requires to function correctly. You could just set up instance profiles that allow full access to AWS, but this would be at the expense of security best practice.

Whenever we assign security permissions, we should be aiming to grant just enough permissions for our software to function correctly. To this end, I have collated a set of minimal IAM policies that will allow our cluster to function correctly, without giving excess permissions away.

You can view these policies at https://github.com/errm/k8s...

Previous Section
End of Section 5
Next Section