THE BOOK OF KUBERNETES
A Complete Guide to Container Orchestration
by Alan Hohn
San Francisco
THE BOOK OF KUBERNETES. Copyright 2022 by Alan Hohn.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
First printing
26 25 24 23 22 1 2 3 4 5
ISBN-13: 978-1-7185-0264-2 (print)
ISBN-13: 978-1-7185-0265-9 (ebook)
Publisher: William Pollock
Managing Editor: Jill Franklin
Production Manager: Rachel Monaghan
Production Editors: Paula Williamson and Jennifer Kepler
Developmental Editor: Jill Franklin
Cover Illustrator: Gina Redman
Interior Design: Octopod Studios
Technical Reviewer: Xander Soldaat
Production Services: Octal Publishing, Inc.
For information on distribution, bulk sales, corporate sales, or translations, please contact No Starch Press, Inc. directly at or:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900
www.nostarch.com
Library of Congress Control Number: 2022020536
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
For my wife, Sheryl
About the Author
Alan Hohn is the director for software strategy for Lockheed Martin. He has 25 years of experience as a Lockheed Martin Fellow, software developer, architect, lead, and manager. He has delivered real applications to production in Ada, Java, Python, and Go, among others, and has worked with Linux since the early 1990s. He is an Agile and DevSecOps coach and is an experienced trainer for Java, Ansible, containers, software architecture, and Kubernetes. Alan has a degree in computer science from Embry-Riddle Aeronautical University, a master's in business administration from the University of Minnesota, and a master's in industrial engineering from the Georgia Institute of Technology.
About the Technical Reviewer
Xander Soldaat started his Linux journey back in 1994 with a sports bag full of floppy disks, a 486DX2/66, and a spare weekend. He has a deep background in IT infrastructure architecture, as well as embedded systems, compiler, and STEM curriculum development. He is currently an OpenShift Cloud Success Architect at Red Hat. In his spare time, he likes to tinker with robots, electronics, retro computers, and tabletop games.
CONTENTS IN DETAIL
PART I: MAKING AND USING CONTAINERS
1 WHY CONTAINERS MATTER
2 PROCESS ISOLATION
3 RESOURCE LIMITING
4 NETWORK NAMESPACES
5 CONTAINER IMAGES AND RUNTIME LAYERS
PART II: CONTAINERS IN KUBERNETES
6 WHY KUBERNETES MATTERS
7 DEPLOYING CONTAINERS TO KUBERNETES
8 OVERLAY NETWORKS
9 SERVICE AND INGRESS NETWORKS
10 WHEN THINGS GO WRONG
11 CONTROL PLANE AND ACCESS CONTROL
12 CONTAINER RUNTIME
13 HEALTH PROBES
14 LIMITS AND QUOTAS
15 PERSISTENT STORAGE
16 CONFIGURATION AND SECRETS
17 CUSTOM RESOURCES AND OPERATORS
PART III: PERFORMANT KUBERNETES
18 AFFINITY AND DEVICES
19 TUNING QUALITY OF SERVICE
20 APPLICATION RESILIENCY
ACKNOWLEDGMENTS
Thanks to the many people who have been generous with knowledge and help in creating this book. First, thanks to my editor, Jill Franklin, my technical reviewer, Xander Soldaat, and my copyeditor, Bob Russell, for spotting errors I didn't see and filling gaps in my knowledge. The remaining mistakes are mine. They would have been much more numerous without your help.
Thanks to my colleagues at Lockheed Martin, especially our Software Factory team. I have learned a great deal from you, and we have built many cool things together. Thanks to my Application Based Architecture colleagues who explored Kubernetes with me in the early days. Thanks also to the many people who build the open source products and the community around containers and Kubernetes; I am humbled by the chance to contribute.
I am most grateful to my family for helping to make this book possible and for listening patiently as I described each current challenge in writing it.
My thanks go to all these, but Soli Deo Gloria.
INTRODUCTION
Containers and Kubernetes together are changing the way that applications are architected, developed, and deployed. Containers ensure that software runs reliably no matter where it's deployed, and Kubernetes lets you manage all of your containers from a single control plane.
This book is designed to help you take full advantage of these essential new technologies, using hands-on examples not only to try out the major features but also to explore how each feature works. In this way, beyond simply being ready to deploy an application to Kubernetes, you'll gain the skills to architect applications to be performant and reliable in a Kubernetes cluster, and to quickly diagnose problems when they arise.
The Approach
The biggest advantage of a Kubernetes cluster is that it hides the work of running containers across multiple hosts behind an abstraction layer. A Kubernetes cluster is a black box that runs what we tell it to run, with automatic scaling, failover, and upgrades to new versions of our application.
Even though this abstraction makes it easier to deploy and manage applications, it also makes it difficult to understand what a cluster is doing. For this reason, this book presents each feature of container runtimes and Kubernetes clusters from a debugging perspective. Every good debugging session starts by treating the application as a black box and observing its behavior, but it doesn't end there. Skilled problem solvers know how to open the black box, diving below the current abstraction layer to see how the program runs, how data is stored, and how traffic flows across the network. Skilled architects use this deep knowledge of a system to avoid performance and reliability issues. This book provides the detailed understanding of containers and Kubernetes that only comes from exploring not only what these technologies do but also how they work.