Brendan Burns, Joe Beda & Kelsey Hightower Kubernetes Up & Running Dive into the Future of Infrastructure Second Edition
Kubernetes: Up and Running
by Brendan Burns, Joe Beda, and Kelsey Hightower

Copyright © 2019 Brendan Burns, Joe Beda, and Kelsey Hightower. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

Acquisition Editor: John Devins
Development Editor: Virginia Wilson
Production Editor: Kristen Brown
Copyeditor: Kim Cofer
Proofreader: Rachel Head
Indexer: Ellen Troutman-Zaig
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Rebecca Demarest

September 2017: First Edition
August 2019: Second Edition

Revision History for the Second Edition
2019-07-15: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781492046530 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Kubernetes: Up and Running, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

The views expressed in this work are those of the authors, and do not represent the publisher’s views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

This work is part of a collaboration between O’Reilly and Microsoft. See our statement of editorial independence.

978-1-492-04653-0 [LSI]
For Robin, Julia, Ethan, and everyone who bought cookies to pay for that Commodore 64 in my third-grade class. —Brendan Burns

For my Dad, who helped me fall in love with computers by bringing home punch cards and dot matrix banners. —Joe Beda

For Klarissa and Kelis, who keep me sane. And for my Mom, who taught me a strong work ethic and how to rise above all odds. —Kelsey Hightower
Table of Contents

Preface

1. Introduction
    Velocity
    The Value of Immutability
    Declarative Configuration
    Self-Healing Systems
    Scaling Your Service and Your Teams
    Decoupling
    Easy Scaling for Applications and Clusters
    Scaling Development Teams with Microservices
    Separation of Concerns for Consistency and Scaling
    Abstracting Your Infrastructure
    Efficiency
    Summary

2. Creating and Running Containers
    Container Images
    The Docker Image Format
    Building Application Images with Docker
    Dockerfiles
    Optimizing Image Sizes
    Image Security
    Multistage Image Builds
    Storing Images in a Remote Registry
    The Docker Container Runtime
    Running Containers with Docker
    Exploring the kuard Application
    Limiting Resource Usage
    Cleanup
    Summary

3. Deploying a Kubernetes Cluster
    Installing Kubernetes on a Public Cloud Provider
    Google Kubernetes Engine
    Installing Kubernetes with Azure Kubernetes Service
    Installing Kubernetes on Amazon Web Services
    Installing Kubernetes Locally Using minikube
    Running Kubernetes in Docker
    Running Kubernetes on Raspberry Pi
    The Kubernetes Client
    Checking Cluster Status
    Listing Kubernetes Worker Nodes
    Cluster Components
    Kubernetes Proxy
    Kubernetes DNS
    Kubernetes UI
    Summary

4. Common kubectl Commands
    Namespaces
    Contexts
    Viewing Kubernetes API Objects
    Creating, Updating, and Destroying Kubernetes Objects
    Labeling and Annotating Objects
    Debugging Commands
    Command Autocompletion
    Alternative Ways of Viewing Your Cluster
    Summary

5. Pods
    Pods in Kubernetes
    Thinking with Pods
    The Pod Manifest
    Creating a Pod
    Creating a Pod Manifest
    Running Pods
    Listing Pods
    Pod Details
    Deleting a Pod
    Accessing Your Pod
    Using Port Forwarding
    Getting More Info with Logs
    Running Commands in Your Container with exec
    Copying Files to and from Containers
    Health Checks
    Liveness Probe
    Readiness Probe
    Types of Health Checks
    Resource Management
    Resource Requests: Minimum Required Resources
    Capping Resource Usage with Limits
    Persisting Data with Volumes
    Using Volumes with Pods
    Different Ways of Using Volumes with Pods
    Persisting Data Using Remote Disks
    Putting It All Together
    Summary

6. Labels and Annotations
    Labels
    Applying Labels
    Modifying Labels
    Label Selectors
    Label Selectors in API Objects
    Labels in the Kubernetes Architecture
    Annotations
    Defining Annotations
    Cleanup
    Summary

7. Service Discovery
    What Is Service Discovery?
    The Service Object
    Service DNS
    Readiness Checks
    Looking Beyond the Cluster
    Cloud Integration
    Advanced Details
    Endpoints
    Manual Service Discovery
    kube-proxy and Cluster IPs
    Cluster IP Environment Variables
    Connecting with Other Environments
    Cleanup
    Summary

8. HTTP Load Balancing with Ingress
    Ingress Spec Versus Ingress Controllers
    Installing Contour
    Configuring DNS
    Configuring a Local hosts File
    Using Ingress
    Simplest Usage
    Using Hostnames
    Using Paths
    Cleaning Up
    Advanced Ingress Topics and Gotchas
    Running Multiple Ingress Controllers
    Multiple Ingress Objects
    Ingress and Namespaces
    Path Rewriting
    Serving TLS
    Alternate Ingress Implementations
    The Future of Ingress
    Summary

9. ReplicaSets
    Reconciliation Loops
    Relating Pods and ReplicaSets
    Adopting Existing Containers
    Quarantining Containers
    Designing with ReplicaSets
    ReplicaSet Spec
    Pod Templates
    Labels
    Creating a ReplicaSet
    Inspecting a ReplicaSet
    Finding a ReplicaSet from a Pod
    Finding a Set of Pods for a ReplicaSet
    Scaling ReplicaSets
    Imperative Scaling with kubectl scale
    Declaratively Scaling with kubectl apply
    Autoscaling a ReplicaSet
    Deleting ReplicaSets
    Summary

10. Deployments
    Your First Deployment
    Deployment Internals
    Creating Deployments
    Managing Deployments
    Updating Deployments
    Scaling a Deployment
    Updating a Container Image
    Rollout History
    Deployment Strategies
    Recreate Strategy
    RollingUpdate Strategy
    Slowing Rollouts to Ensure Service Health
    Deleting a Deployment
    Monitoring a Deployment
    Summary

11. DaemonSets
    DaemonSet Scheduler
    Creating DaemonSets
    Limiting DaemonSets to Specific Nodes
    Adding Labels to Nodes
    Node Selectors
    Updating a DaemonSet
    Rolling Update of a DaemonSet
    Deleting a DaemonSet
    Summary

12. Jobs
    The Job Object
    Job Patterns
    One Shot
    Parallelism
    Work Queues
    CronJobs
    Summary

13. ConfigMaps and Secrets
    ConfigMaps
    Creating ConfigMaps
    Using a ConfigMap
    Secrets
    Creating Secrets
    Consuming Secrets
    Private Docker Registries
    Naming Constraints
    Managing ConfigMaps and Secrets
    Listing
    Creating
    Updating
    Summary

14. Role-Based Access Control for Kubernetes
    Role-Based Access Control
    Identity in Kubernetes
    Understanding Roles and Role Bindings
    Roles and Role Bindings in Kubernetes
    Techniques for Managing RBAC
    Testing Authorization with can-i
    Managing RBAC in Source Control
    Advanced Topics
    Aggregating ClusterRoles
    Using Groups for Bindings
    Summary

15. Integrating Storage Solutions and Kubernetes
    Importing External Services
    Services Without Selectors
    Limitations of External Services: Health Checking
    Running Reliable Singletons
    Running a MySQL Singleton
    Dynamic Volume Provisioning
    Kubernetes-Native Storage with StatefulSets
    Properties of StatefulSets
    Manually Replicated MongoDB with StatefulSets
    Automating MongoDB Cluster Creation
    Persistent Volumes and StatefulSets
    One Final Thing: Readiness Probes
    Summary

16. Extending Kubernetes
    What It Means to Extend Kubernetes
    Points of Extensibility
    Patterns for Custom Resources
    Just Data
    Compilers
    Operators
    Getting Started
    Summary

17. Deploying Real-World Applications
    Jupyter
    Parse
    Prerequisites
    Building the parse-server
    Deploying the parse-server
    Testing Parse
    Ghost
    Configuring Ghost
    Redis
    Configuring Redis
    Creating a Redis Service
    Deploying Redis
    Playing with Our Redis Cluster
    Summary

18. Organizing Your Application
    Principles to Guide Us
    Filesystems as the Source of Truth
    The Role of Code Review
    Feature Gates and Guards
    Managing Your Application in Source Control
    Filesystem Layout
    Managing Periodic Versions
    Structuring Your Application for Development, Testing, and Deployment
    Goals
    Progression of a Release
    Parameterizing Your Application with Templates
    Parameterizing with Helm and Templates
    Filesystem Layout for Parameterization
    Deploying Your Application Around the World
    Architectures for Worldwide Deployment
    Implementing Worldwide Deployment
    Dashboards and Monitoring for Worldwide Deployments
    Summary

A. Building a Raspberry Pi Kubernetes Cluster

Index
Preface

Kubernetes: A Dedication

Kubernetes would like to thank every sysadmin who has woken up at 3 a.m. to restart a process. Every developer who pushed code to production only to find that it didn’t run like it did on their laptop. Every systems architect who mistakenly pointed a load test at the production service because of a leftover hostname that they hadn’t updated. It was the pain, the weird hours, and the weird errors that inspired the development of Kubernetes. In a single sentence: Kubernetes intends to radically simplify the task of building, deploying, and maintaining distributed systems. It has been inspired by decades of real-world experience building reliable systems and it has been designed from the ground up to make that experience if not euphoric, at least pleasant. We hope you enjoy the book!

Who Should Read This Book

Whether you are new to distributed systems or have been deploying cloud-native systems for years, containers and Kubernetes can help you achieve new levels of velocity, agility, reliability, and efficiency. This book describes the Kubernetes cluster orchestrator and how its tools and APIs can be used to improve the development, delivery, and maintenance of distributed applications. Though no previous experience with Kubernetes is assumed, to make maximal use of the book you should be comfortable building and deploying server-based applications. Familiarity with concepts like load balancers and network storage will be useful, though not required. Likewise, experience with Linux, Linux containers, and Docker, though not essential, will help you make the most of this book.
Why We Wrote This Book

We have been involved with Kubernetes since its very beginnings. It has been truly remarkable to watch it transform from a curiosity largely used in experiments to a crucial production-grade infrastructure that powers large-scale production applications in varied fields, from machine learning to online services. As this transition occurred, it became increasingly clear that a book that captured both how to use the core concepts in Kubernetes and the motivations behind the development of those concepts would be an important contribution to the state of cloud-native application development. We hope that in reading this book, you not only learn how to build reliable, scalable applications on top of Kubernetes but also receive insight into the core challenges of distributed systems that led to its development.

Why We Updated This Book

In the few years that have passed since we wrote the first edition of this book, the Kubernetes ecosystem has blossomed and evolved. Kubernetes itself has had many releases, and many more tools and patterns for using Kubernetes have become de facto standards. In updating the book we added material on HTTP load balancing, role-based access control (RBAC), extending the Kubernetes API, how to organize your application in source control, and more. We also updated all of the existing chapters to reflect the changes and evolution in Kubernetes since the first edition. We fully expect to revise this book again in a few years (and look forward to doing so) as Kubernetes continues to evolve.

A Word on Cloud-Native Applications Today

From the first programming languages, to object-oriented programming, to the development of virtualization and cloud infrastructure, the history of computer science is a history of the development of abstractions that hide complexity and empower you to build ever more sophisticated applications. Despite this, the development of reliable, scalable applications is still dramatically more challenging than it ought to be. In recent years, containers and container orchestration APIs like Kubernetes have proven to be an important abstraction that radically simplifies the development of reliable, scalable distributed systems. Though containers and orchestrators are still in the process of entering the mainstream, they are already enabling developers to build and deploy applications with a speed, agility, and reliability that would have seemed like science fiction only a few years ago.
Navigating This Book

This book is organized as follows. Chapter 1 outlines the high-level benefits of Kubernetes without diving too deeply into the details. If you are new to Kubernetes, this is a great place to start to understand why you should read the rest of the book.

Chapter 2 provides a detailed introduction to containers and containerized application development. If you’ve never really played around with Docker before, this chapter will be a useful introduction. If you are already a Docker expert, it will likely be mostly review.

Chapter 3 covers how to deploy Kubernetes. While most of this book focuses on how to use Kubernetes, you need to get a cluster up and running before you start using it. Although running a cluster for production is out of the scope of this book, this chapter presents a couple of easy ways to create a cluster so that you can understand how to use Kubernetes. Chapter 4 covers a selection of common commands used to interact with a Kubernetes cluster.

Starting with Chapter 5, we dive into the details of deploying an application using Kubernetes. We cover Pods (Chapter 5), labels and annotations (Chapter 6), services (Chapter 7), Ingress (Chapter 8), and ReplicaSets (Chapter 9). These form the core basics of what you need to deploy your service in Kubernetes. We then cover deployments (Chapter 10), which tie together the lifecycle of a complete application.

After those chapters, we cover some more specialized objects in Kubernetes: DaemonSets (Chapter 11), Jobs (Chapter 12), and ConfigMaps and secrets (Chapter 13). While these chapters are essential for many production applications, if you are just learning Kubernetes you can skip them and return to them later, after you gain more experience and expertise.

Next we cover integrating storage into Kubernetes (Chapter 15). We discuss extending Kubernetes in Chapter 16. Finally, we conclude with some examples of how to develop and deploy real-world applications in Kubernetes (Chapter 17) and a discussion of how to organize your applications in source control (Chapter 18).

Online Resources

You will want to install Docker. You likely will also want to familiarize yourself with the Docker documentation if you have not already done so.

Likewise, you will want to install the kubectl command-line tool. You may also want to join the Kubernetes Slack channel, where you will find a large community of users who are willing to talk and answer questions at nearly any hour of the day.

Finally, as you grow more advanced, you may want to engage with the open source Kubernetes repository on GitHub.
Conventions Used in This Book

The following typographical conventions are used in this book:

Italic
    Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width
    Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width bold
    Shows commands or other text that should be typed literally by the user.

Constant width italic
    Shows text that should be replaced with user-supplied values or by values determined by context.

This icon signifies a tip, suggestion, or general note.

This icon indicates a warning or caution.

Using Code Examples

Supplemental material (code examples, exercises, etc.) is available for download at https://github.com/kubernetes-up-and-running/examples.

This book is here to help you get your job done. In general, if example code is offered with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.
We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Kubernetes: Up and Running, 2nd edition, by Brendan Burns, Joe Beda, and Kelsey Hightower (O’Reilly). Copyright 2019 Brendan Burns, Joe Beda, and Kelsey Hightower, 978-1-492-04653-0.”

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com.

O’Reilly Online Learning

For almost 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed.

Our unique network of experts and innovators share their knowledge and expertise through books, articles, conferences, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, please visit http://oreilly.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at http://bit.ly/kubernetesUR_2e.

To comment or ask technical questions about this book, send email to bookquestions@oreilly.com.

For more information about our books, courses, conferences, and news, see our website at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly
Follow us on Twitter: http://twitter.com/oreillymedia
Watch us on YouTube: http://www.youtube.com/oreillymedia

Acknowledgments

We would like to acknowledge everyone who helped us develop this book. This includes our editor Virginia Wilson and all of the great folks at O’Reilly, as well as the technical reviewers who provided tremendous feedback that significantly improved the book. Finally, we would like to thank all of our first edition readers who took the time to report errata that were found and fixed in this second edition. Thank you all! We’re very grateful.