description: an open-source container orchestration system for automating software deployment, scaling, and management
33 results
by Jan Kunigk, Ian Buss, Paul Wilkinson and Lars George · 8 Jan 2019 · 1,409pp · 205,237 words
being made in cloud-based deployments, particularly around new ways of deploying and running frameworks using containerization, such as can be done with Docker and Kubernetes. Since they are not yet widely adopted within enterprises, and since best practices and deployment patterns are still emerging, we do not cover these technologies
…
to ensure security isolation, the best practice is to run each user’s session in an isolated container. For example, CDSW uses Docker containers and Kubernetes to spin up sessions on one or more dedicated edge nodes. To support many users, multiple edge nodes can be added to the
…
Kubernetes cluster (see Figure 11-5). Master and worker nodes can run isolated containers within a Kubernetes cluster. Each container runs with its own Kerberos security context, and users can run different engines to
…
source software and is also commercially distributed by Red Hat, Pivotal, and others. It combines Docker as an OS-level technology to create containers and Kubernetes for automated deployment, scaling, and management of those containers. In OpenShift, Docker leverages the resource isolation and abstraction features of the Linux kernel to provide
…
need to change the underlying images. Different containerized applications can then be conveniently scheduled onto the same Linux instance without the need to start VMs. Kubernetes further takes advantage of these features by bundling containers into application pods. Pods are guaranteed to run on the same Linux host, and they provide
…
a means to group several microservices into a single colocated service unit. Kubernetes allows you to easily deploy and manage many pods as large-scale distributed applications across multiple physical servers, which it refers to as nodes. The
…
plurality of all nodes and pods form a Kubernetes cluster. OpenShift can significantly simplify the process of building applications and platform-as-a-service environments. For many enterprises, OpenShift and
…
Kubernetes pave the way toward scalable microservices. They are actually used to build public clouds as well, like Deutsche Telekom’s AppAgile service. Let’s apply
…
ingredients to support and automate all of our life cycle models. But there is no cohesive effort that we know of in the OpenShift or Kubernetes universe that’s comparable to OpenStack Sahara and would interact with distributor management tools to facilitate a deployment or to use anti-affinity rules according
…
cgroups to achieve isolation on its compute layer. Red Hat offers detailed information on how these mechanisms work together and how containers compare to VMs. Kubernetes employs a holistic security concept that allows fine-grained authorization via role-based access control (RBAC) for users and security context constraints (SCCs) that constrain
…
the actions that a given pod is allowed to perform on the host OS. A fundamental resource that is subject to authorization in Kubernetes is a namespace, which groups resources in a cluster and provides isolation of these resources. OpenShift extends the namespace concept to projects to provide fully
…
fledged group-based multitenancy, which can also be integrated with multiple options for authentication. The Kubernetes security concept also includes support of SDN. By default, SDN is used in Kubernetes to provide a scalable virtual network infrastructure to each pod. Via the ovs-multitenant plug-in, this concept
…
the existing affinity/anti-affinity mechanisms for Hadoop compute and storage. In addition, Hadoop distributor support for running frameworks such as Spark on Docker and Kubernetes has not materialized yet, though it is likely to emerge soon. It is likely that big data resource scheduling frameworks and
…
Kubernetes will converge in the future, but as of this writing, this is mere speculation. VMware and Pivotal Cloud Foundry Like OpenShift, Cloud Foundry is a
…
objects as well as the librados communication. krbd is typically used for Ceph RBDs on bare-metal servers or in container-based environments such as Kubernetes. iSCSI gateway Finally, the Ceph cluster can act as an iSCSI target by running a set of iSCSI gateways, as shown in Figure 15-3
…
Cluster Growthdrivers of growth, The Drivers of Cluster Growth implementing, Implementing Cluster Growth implementing in public cloud solutions, Implementing Clusters-Network Architecture in databases, Clustering Kubernetes, OpenShift life cycle in private cloud solutions, Solutions for Private Clouds life cycle models in virtual environments, Cluster Life Cycle Models-Cluster Life Cycle Modelsduration
…
master processes for HA, HDFS-Deployment recommendations distribution of blocks when using replication, Erasure Coding Versus Replication recommended limit of five, Large Cluster Configurations namespacesin Kubernetes, Isolation in Linux, Isolation NativeAzureFileSystem, Azure storage options Nearline SAS (NL-SAS), SAS, Nearline SAS, or SATA (or SSDs)? Netflix’s Iceberg, Sharing Metadata Services
…
Scenarios detrimental degradation, Failure Scenarios different types in clusters with different service roles, Access Topologies edge, Edge-connected networks filtering intra-node communications, Networking in Kubernetes, OpenShift partial node failure, Failure Scenarios placing far apart, Networking nonuniform memory access (NUMA), Nonuniform Memory Access-Why is NUMA important for big data? north
…
Other Components YCSB, Validating Other Components platform vulnerabilities (cloud), Environmental Risks playbooks, Playbooks and Postmortems pluggable authentication mechanism (PAM), SSSDconfiguring to use SSSD, SSSD pods (Kubernetes), OpenShift POSIX standardsACLs in Azure Data Lake Store, Azure storage options, ADLS NAS via NFS and SMB protocols and, Network-attached storage object storage vs
…
Form Factors software overlay networks, Network Virtualization software-defined networking (SDN), Network Virtualization-Network Virtualization, Solutions for Private Cloudsimportance for Hadoop, Network Virtualization in OpenShift Kubernetes, Isolation software-only SDN, Network Virtualization solid state drives (SSDs), SAS, Nearline SAS, or SATA (or SSDs)?attaching to instances in GCP, Instance types Azure
by Sean Kane and Karl Matthias · 14 May 2023 · 433pp · 130,334 words
infrastructure, enforcing security and compliance, and keeping the lights on. This interface also forms the basis for a ton of innovation. Container orchestrators like Kubernetes and Nomad leverage this control plane to raise the level of abstraction, making it easier to manage containerized workflows at scale. Service mesh technologies, like
…
looking to solve the complex workflow problems involved in developing and deploying software to production at scale. If you’re interested in Linux containers, Docker, Kubernetes, DevOps, and large, scalable, software infrastructures, then this book is for you. Why Read This Book? Today there are many conversations, projects, and articles
…
We have worked with multiple companies for over nine years building and operating a mix of production Linux container platforms, including Docker, Mesos, and Kubernetes. We originally implemented Docker in production only months after its release and can share with you some of the experience we gained from evolving our
…
itself. Other tools are usually still needed to stitch together the larger workflow. That being said, because Docker and other Linux container toolsets, like Kubernetes (k8s), provide a well-defined interface for deployment, the method required to deploy containers will be consistent on all hosts, and a single deployment
…
of production systems in development, since most production systems will simply be Linux container servers, which can easily be reproduced locally. Workload management tool (Mesos, Kubernetes, Swarm, etc.) An orchestration layer (including the built-in Swarm mode) must be used to coordinate work across a pool of Linux container hosts,
…
significant and growing amount of software that is delivered into production environments, and provide the basis for many production systems, including, but not limited to, Kubernetes and most “serverless” cloud technologies. Note So-called serverless technologies are not actually serverless; they simply rely on other people’s servers to get
…
is deployed. Most production environments will provide you the ability to define the actual configuration and apply them at runtime. Docker Compose, Docker Swarm mode, Kubernetes, and cloud provider runtimes, like ECS, all do this for you. Configuration All applications need to somehow have access to their configuration. There are
…
by specific orchestration tools. In most modern container systems, all the orchestration tasks, including scheduling, are handled by the core cluster software, whether it be Kubernetes, Swarm, a cloud provider’s bespoke container-management system, or something else. Of all the features delivered by the platform, scheduling is undoubtedly the
…
the form of Ingress routes and might be one path to consider if you are using that platform. Examples of this include the following: Kubernetes’s Ingress controllers, including Traefik or Contour, among others Linkerd service mesh Standalone Sidecar service discovery with Lyft’s Envoy proxy Istio service mesh
…
, as the number of containers and frequency with which you deploy containers grows, the appeal of distributed schedulers will quickly become apparent. Tools like Kubernetes allow you to abstract individual servers and whole data centers into large pools of resources in which to run container-based tasks. There are undoubtedly
…
use Jenkins for continuous integration or are looking for a good way to test scaling Docker, there are many plug-ins for Docker, Mesos, and Kubernetes that are worth investigating. Many hosted, commercial platforms now provide containerized CI environments as well, including CircleCI and GitHub Actions. Outside Dependencies But what
…
following: Amazon Elastic Container Service Google Cloud Run Azure Container Apps Many of the same companies also have robust hosted Kubernetes offerings like these: Amazon Elastic Kubernetes Service Google Kubernetes Engine Azure Kubernetes Service It’s trivial to install Docker on a Linux instance in one of the public clouds. But getting Docker
…
and the client can deploy container stacks for development purposes. This provides a nice bridge for developers who use Docker locally but deploy to Kubernetes. Like Linux itself, Kubernetes is available in several distributions, both free and commercial. There is a wide variety of distributions that are available and supported to varying
…
that you can still resource-limit the individual application separately and leverage the large library of public Linux containers to construct your application. Additionally, Kubernetes administrators often leverage the pod abstraction to have a container run on pod startup to make sure things are configured properly for the others, to
…
than thinking of your system in terms of individual containers, but it can be pretty powerful. Let’s deploy something When working with pods in Kubernetes, we usually manage them through the abstraction of a deployment. A deployment is just a pod definition with some additional information, including health monitoring
…
deleted $ kubectl delete deployment hello-minikube deployment.apps "hello-minikube" deleted $ kubectl get all NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 138m Deploying a realistic stack Let’s now deploy something that looks more like a production stack
…
looking at, we need to introduce two more concepts: PersistentVolume and PersistentVolumeClaim. A PersistentVolume is a physical resource that we provision inside the cluster. Kubernetes has support for many kinds of volumes, from local storage on a node to Amazon Elastic Block Store (Amazon EBS) volumes on AWS and similar
…
ties the Deployment to our Service. So we now have a Service, but it doesn’t do anything yet. We need more definitions to make Kubernetes do what we want. PersistentVolumeClaim definition apiVersion: v1 kind: PersistentVolumeClaim metadata: name: cache-data-claim labels: app: lazyraster spec: accessModes: - ReadWriteOnce resources: requests: storage:
…
the running kubectl proxy processes, and then you can remove the deployment and all of its components by running the following command. It may take Kubernetes a minute or so to delete everything and return you to the terminal prompt: $ kubectl delete -f ./lazyraster-service.yaml service "lazyraster" deleted persistentvolumeclaim
…
now: $ minikube delete Deleting "minikube" in docker … Deleting container "minikube" … Removing /Users/spkane/.minikube/machines/minikube … Removed all traces of the "minikube" cluster. Tip Kubernetes is a really big system, with great community involvement. We’ve just shown you the tip of the iceberg with Minikube, but if you are
…
and diagnose cluster problems, use 'kubectl cluster-info dump'. You can see a redacted version of the information used by kubectl to connect to the Kubernetes server by running the following: $ kubectl config view --minify apiVersion: v1 clusters: - cluster: certificate-authority-data: DATA+OMITTED server: https://127.0.0.
…
configuration file with the --config argument when spinning up the cluster. You may find some of the following features useful: Changing the version of Kubernetes that is used Spinning up multiple worker nodes Spinning up multiple control plane nodes for HA testing Mapping ports between Docker and the local host
…
the --cgroup-parent argument to docker container create. This mechanism is also used by schedulers that run multiple containers inside the same cgroup (e.g., Kubernetes pods). Namespaces Inside each container, you see a filesystem, network interfaces, disks, and other resources that all appear to be unique to the container
…
Docker hosts, similar to the overlay driver but much more configurable and without the Swarm requirement. Another offering is Project Calico. If you’re running Kubernetes, which has its own networking configuration, you might also want to familiarize yourself with the Container Network Interface (CNI) and then look at Cilium,
…
: $ kind create cluster --name nerdctl Creating cluster "nerdctl" … … $ docker container exec -ti nerdctl-control-plane /bin/bash You should now be inside the kind/Kubernetes container. Note In the curl command that follows, you must ensure that you are downloading the correct version for your architecture. You will need to
…
, since they all spin up a VM that will consume system resources. After downloading, installing, and launching Rancher Desktop, you will have a local Kubernetes cluster, which, by default, is using containerd and can be interacted with via nerdctl. Note The exact location where Rancher Desktop installs the nerdctl binary
…
various reasons, but its true power lies in its ability to streamline much of the software packaging and testing workflow into a consolidated toolset. Kubernetes uses the Container Runtime Interface (CRI), which is not implemented by Docker and therefore required them to maintain another piece of wrapper software called
…
occurs. And as it turns out, Docker’s parent company has developed and continues to support a new shim, called cri-dockerd, that allows Kubernetes to continue to interface with Docker for those who need that workflow to be supported. Interestingly enough, Docker is also diversifying into noncontainer technologies, like
…
Containers at Scale stopping the task, Stopping the Task-Stopping the Task tasks, Tasks-Tasks testing the task, Testing the Task Amazon EKS (Elastic Kubernetes Service)hosted Kubernetes offerings, Containers at Scale Linux container use, Broad Support and Adoption, Amazon ECS and Fargate Amazon Fargate, Amazon ECS and Fargate(see also Amazon
…
-definition, Tasks stop-task, Stopping the Task iamcreate-service-linked-role, Tasks list-users, Configuration --version, Configuration Azure Container Apps, Containers at Scale Azure Kubernetes Service, Containers at Scale B backing services as attached resources, Backing Services bind mountsdocker container run -v command, Storage Volumesz and Z options (SELinux), Storage
…
builds, Debugging BuildKit Images-Debugging BuildKit Images directory caching, Directory Caching-Directory Caching enabling, Building an Image output color modification, Directory Caching Burns, Brandan, Kubernetes C cAdvisor for monitoring, cAdvisor-cAdvisor Centurion (New Relic), Orchestration cgroups in Linux kernelblock I/O, Block I/O cgroup namespaces, Namespaces containers in detailabout
…
token required for nodes joining cluster, Docker Swarm Mode public cloud providers supporting Linux containers, Containers at Scale Cloud Native Computing Foundation (CNCF)certifications of Kubernetes distributions, Distributed schedulers containerd runtime, Broad Support and Adoption codebase tracked in revision control, Codebase Colima for macOS, Vagrant Colossal Cave Adventure game, Exploring
…
, Distributed schedulers lower-level OCI-certified runtimes used by, Broad Support and Adoption containers (see Linux containers) containers and pods of Kubernetes, Kubernetes containers and pods-Kubernetes containers and pods continuous integration and continuous delivery (CI/CD)Docker plug-ins, Quick Overview workflow with Docker, The Promise of Docker-Benefits of
…
.json file editing, Exploring the Docker Server, More Advanced Logging, Prometheus Monitoring Docker Compose included, Exploring Docker Compose Docker Desktop for Linux, Linux Kubernetes, Docker Desktop-Integrated Kubernetes Linux commands minimal, Process Output macOS, GUI installerhypervisor framework, GUI installer VM-based Linux server, Non-Linux VM-Based Server xhyve, GUI installer
…
checks, Container Health Checks restarting a container per, Auto-Restarting a Container exit command for exiting container shell, Hostname exit command for exiting minikube, Running Kubernetes exiting via Ctrl-Capplications, Directory Caching events stream, docker system events logs stream, docker container logs stats stream, Command-line statistics strace process, Process
…
library, What Are Containers? minimal container example, Keeping Images Small template for output formatting, Environment Variables as Configuration Google Cloud Run, Containers at Scale Google Kubernetes Engine, Containers at Scale Google supporting Docker, Broad Support and Adoption gVisor runtime, Broad Support and Adoption, Namespaces, gVisor-gVisor H Harbor private image
…
API endpoint-stats API endpoint json-file logging plug-in, docker container logs-More Advanced Logging K k0s, Minikube k3d, Minikube k3s, Minikube k8s (see Kubernetes) Kata Containers runtime, Broad Support and Adoption kill command, Controlling Processespassing Unix signals, Controlling Processes kind, Kind-Kind kubectl commandabout, Installing Minikube apply, Deploying
…
, Distributed schedulers dockershim deprecation, The Road Ahead production orchestration, Robust Tooling public cloud provider offerings, Containers at Scale scalingabout, Kubernetes containers and pods, Kubernetes containers and pods-Kubernetes containers and pods dashboard, Kubernetes Dashboard deploying a production stack, Deploying a realistic stack deploying the application, Deploying the application-Deploying the application deployment, Let
…
-More Advanced Logging scaling, Quick Overview podman and buildah, podman and buildah-podman and buildah Podman Desktop, Podman Desktop pods and containers of Kubernetes, Kubernetes containers and pods-Kubernetes containers and pods ports for Docker networking, Network Ports and Unix Socketsdocker-proxy, Network Inspection export services via port binding, Port Binding rely
…
and delivery, Packaging and Delivery resource limits, Resource Limits scheduling, Scheduling-Orchestration service discovery, Service Discovery-Service Discovery getting to production, Getting to Production Kubernetes for orchestration, Robust Tooling latest tag not used, Docker Swarm Mode multistage builds, Multistage builds orchestration tools of Docker, Robust Tooling process control in production
…
Scale Docker Swarm mode, Docker Swarm Mode-Docker Swarm Modeoverlay network driver, Configuring networks horizontal with concurrency, Concurrency Kubernetesabout, Kubernetes containers and pods, Kubernetes containers and pods-Kubernetes containers and pods dashboard, Kubernetes Dashboard deploying a production stack, Deploying a realistic stack deploying the application, Deploying the application-Deploying the application deployment, Let
…
the founder of techlabs.sh and a principal production operations engineer at SuperOrbital. Sean specializes in engineering, teaching, and writing about modern DevOps processes, including Kubernetes, Docker, Terraform, and more. He has had a long career in production operations, with many diverse roles across a broad range of industries. Sean
by Sean P. Kane and Karl Matthias · 15 Mar 2018 · 350pp · 114,454 words
Container Instances Tasks Testing the Task Stopping the Task Kubernetes What Is Minikube? Installing Minikube Running Kubernetes Kubernetes Dashboard Kubernetes Containers and Pods Let’s Deploy Something Deploying a Realistic Stack Service Definition PersistentVolumeClaim Definition Deployment Definition Deploying the Application Scaling Up
…
, highly available, and run on managed cloud infrastructures. Achieving this resiliency and scalability requires relying on containerization and eventually container orchestration technologies such as Kubernetes. In addition to these container tools, cloud-native applications are generally built with service-oriented or microservice architectures. I’m often asked if Docker is replacing
…
be consistent on all hosts, a single deployment workflow should suffice for most, if not all, of your Docker-based applications. Workload management tool (Mesos, Kubernetes, Swarm, etc.) An orchestration layer (including the built-in Swarm mode) must be used to coordinate work intelligently across a pool of Docker hosts, track
…
to the OS distribution on which they ship their application. Some of the tooling and orchestrators built (e.g., Kubernetes, Swarm, or Mesos) on top of Docker now aim to replicate the simplicity of Heroku. But even though these platforms wrap more around Docker to
…
, and Swarm, which creates a cohesive deployment story for developers. Docker’s offerings in the production orchestration space have been largely overshadowed by Google’s Kubernetes and the Apache Mesos project in current deployments. But Docker’s orchestration tools remain useful, with Compose being particularly handy for local
…
the benefits of Docker without much complexity. Fully automatic schedulers like Apache Mesos—when combined with a scheduler like Singularity, Aurora, Marathon, or Google’s Kubernetes—are more powerful options that take nearly complete control of a pool of hosts on your behalf. Other commercial entries are widely available, such as
…
you will delegate to Docker, to a deployment tool, or to a larger platform like Mesos or Kubernetes, or perhaps even leave on your more traditional infrastructure. We have successfully transitioned multiple systems from traditional deployments to containerized systems, and there
…
usually wraps around more than one instance of Docker and presents a common interface across Docker instances. This might be a single system like Mesos, Kubernetes, or Docker Swarm, or it may be a deployment system, a separate monitoring system, and a separate orchestration system. In transition from a more
…
to see which works best for you. Schedulers often can handle different kinds of workloads, including long-running services, one-off commands, and scheduled jobs. Kubernetes is another popular scheduler and came out of Google in 2014. It inherits a lot of what they learned on their own internal Borg system
…
lot of moving pieces. There are now at least two dozen different commercial distributions of Kubernetes and at least a dozen cloud environments. The Kubernetes ecosystem has fragmented at a really high rate, with lots of vendors trying to stake out their own territory early on. This space continues
…
easily reachable by systems in your older environment. Examples of this include: • The Mesos backend for the Traefik load balancer • Nixy for nginx and Mesos • Kubernetes’s ingress controllers • Standalone Sidecar service discovery with Lyft’s Envoy proxy • Istio and Lyft’s Envoy If you are running a blended modern and
…
use Jenkins for continuous integration or are looking for a good way to test scaling Docker, there are many plug-ins for Docker, Mesos, and Kubernetes that are worth investigating. Outside Dependencies But what about those external dependencies we glossed over? Things like the database, or Memcache or Redis instances
…
containers natively in their offerings. Some of the biggest efforts to implement Docker containers in the public cloud include: • Amazon Elastic Container Service • Google Kubernetes Engine • Azure Container Service • Red Hat OpenShift Even cloud providers running on non-Linux operating systems like SmartOS and Windows are actively supporting the Docker
…
complex tooling systems, we are spoiled for choice with systems that replicate much of the functionality you would get from a public cloud provider, including Kubernetes, DC/OS Community Edition, and a standard Mesos cluster, as we discussed in the last chapter. Even if you run in a public cloud, there
…
at scale, first going through some of the simpler tools like Centurion and Docker Swarm mode, and then diving into some more advanced tools like Kubernetes and Amazon Elastic Container Service (ECS) with Fargate. All of these examples should give you a view of how you can leverage Docker to provide
…
see how this built-in Docker cluster mode can bridge the gap between simple tools like Centurion and the more full-featured robust platforms like Kubernetes and Amazon Elastic Container Service. Docker Swarm Mode After building the container runtime in the form of the Docker engine, the engineers at Docker turned
…
first-class citizens: the Elastic Container Service (ECS). In the last few years they have built upon this support with products like the ECS for Kubernetes (EKS) and, more recently, Fargate. Fargate is simply a marketing label Amazon uses for the new feature of ECS
…
. It is not the most mature product today—that distinction goes to Mesos, which first launched in 2009 before containers were in widespread use—but Kubernetes has a great mix of functionality and a very strong community that includes many early Docker adopters. This mix has helped significantly increase its
…
popularity over the years. At DockerCon EU 2017, Docker, Inc. announced that Kubernetes support will be coming to the Docker Engine tooling itself. Supported Docker clients can mix deployments between Swarm and Kubernetes from the same tooling
…
of distributions, both free and commercial. There are currently a few dozen that are available and supported to varying degrees. Its widespread adoption means Kubernetes now has some pretty nice tooling for running it locally, including a whole distribution that can be controlled and installed locally with a single binary
…
latest version, you need to get the latest version from the website and then plug it into a URL like this: https://storage.googleapis.com/kubernetes-release/release/<VERSION>/bin/windows/amd64/kubectl.exe. Once you’ve downloaded that, you again need to make sure it’s somewhere accessible from your
…
‐ ter. This is normally pretty straightforward. You usually don’t need to do any configuration beforehand. You can simply run: $ minikube start Starting local Kubernetes v1.9.0 cluster... Starting VM... Downloading Minikube ISO 142.22 MB / 142.22 MB [============================================] 100.00% 0s Getting VM IP address... Moving files into
…
containers on the host. We can look at those containers to see what we got: $ minikube ssh _ _ _ _ ( ) ( ) ___ ___ (_) ___ (_)| |/') _ _ | |_ __ /' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\ | ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/ (_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____) $ On your Kubernetes cluster you probably won’t be SSHing into the command line that often. But we want to see what’s installed and get a handle
…
we run minikube, we’re controlling a virtual machine. Let’s take a look at what is running on the Docker instance on our Kubernetes cluster: $ docker ps CONTAINER ID 6039cd53ec91 a28e64d209f7 e84b6d75105b 539530cbe6e7 e73d514c68bf 21e4b12c144f 696ac03d09f5 47282c695e9e 92b1a4d2cd0c 97bab4a81ea8 IMAGE gcr.io/k8s.../storage-provisioner fed89e8b4248 459944ce8cc4 512cd7425a73 e94d2f21bc0c
…
logging into the Minikube VM over SSH, we can always check on the cluster status using another minikube command: $ minikube status minikube: Running cluster: Running kubectl: Correctly Configured: pointing to minikube-vm at 192.168.99.100 This shows us that everything is looking good, and also
…
is that you can still resource-limit the individual application separately, and leverage the large library of public Docker containers to construct your application. Additionally, Kubernetes administrators often leverage the pod abstraction to have a container run on pod startup to make sure things are configured properly for the others
…
a shared resource, or to announce the application to others, for example. This allows you to make finer-grained containers than you might if you have to group things into the same container. Another nice part of the pod abstraction is the ability to share mounted volumes.
…
thinking of your system in terms of individual containers, but it can be pretty powerful. Let’s Deploy Something When actually working with pods in Kubernetes, we usually manage them through the abstraction of a deployment. A deployment is just a pod definition with some health monitoring and replication. It contains
…
contains just one container. The Minikube project ships a sample application called echoserver that we can use to explore the basics of deployment on Kubernetes. We’ll call our deployment hello-minikube just like the Minikube documentation does. We’ve used the minikube command, but to get things done on
…
request: $ curl $(minikube service hello-minikube --url) CLIENT VALUES: client_address=172.17.0.1 command=GET real path=/ query=nil request_version=1.1 request_uri=http://192.168.99.100:8080/ SERVER VALUES: server_version=nginx: 1.10.0 - lua: 10001 HEADERS RECEIVED: accept=*/* host=192.168
…
. $ kubectl delete service hello-minikube service "hello-minikube" deleted $ kubectl delete deployment hello-minikube deployment "hello-minikube" deleted $ kubectl get all NAME READY NAME svc/kubernetes TYPE ClusterIP CLUSTER-IP 10.96.0.1 STATUS EXTERNAL-IP <none> RESTARTS PORT(S) 443/TCP AGE AGE 4d Deploying a Realistic Stack Let
…
looking at we need to introduce two more concepts: PersistentVolume and PersistentVolumeClaim. A PersistentVolume is a physical resource that we provision inside the cluster. Kubernetes has support for many kinds of volumes, from local storage on a node to EBS volumes on AWS and similar on other cloud providers
…
need to re-assemble the URL and remove the backslashes for the command to work properly. Service Definition apiVersion: v1 kind: Service metadata: name: lazyraster labels: app: lazyraster spec: type: NodePort ports: - port: 8000 targetPort: 8000 protocol: TCP selector: app: lazyraster The first section defines our Service
…
. The second and third sections, which we’ll see in a moment, respectively define our PersistentVolumeClaim and then our actual Deployment. We’ve told Kubernetes that our service will be called lazyraster and that it will be exposed on port 8000 which maps to the actual 8000 in our container
…
metadata:
  name: lazyraster
  labels:
    app: lazyraster
spec:
  selector:
    matchLabels:
      app: lazyraster
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: lazyraster
    spec:
      containers:
      - image: relistan/lazyraster:demo
        name: lazyraster
        env:
        - name: RASTER_RING_TYPE
          value: memberlist
        - name: RASTER_BASE_DIR
          value: /data
        ports:
        - containerPort: 8000
          name: lazyraster
        volumeMounts:
        - name: cache-data
…
directly. We would normally use something like the hyperkube container to do that. If you are interested further, you can explore the documentation some more. Kubernetes is a really big system, with great community involvement. There is a big overlap with the Docker ecosystem, but it has also developed
…
a number of components of its own. There is increasing integration between Docker itself and Kubernetes. We’ve just shown you the tip of the iceberg with Minikube, but if you are interested there are many other commercial and free distributions
…
using the --cgroup-parent argument to docker create. This mechanism is also used by schedulers that run multiple containers inside the same cgroup (e.g., Kubernetes pods). Namespaces Inside each container, you see a filesystem, network interfaces, disks, and other resources that all appear to be unique to the container despite
…
driver but much more configurable, and without the Swarm requirement. Another offering, supported directly by Docker Enterprise Edition, is Project Calico. If you are running Kubernetes, which has its own networking configuration, you might also take a look at CoreOS’s flannel, which is an etcd-backed network fabric for containers
…
than you get with namespaces and cgroups. Rather than being a process on the main kernel, each container (or Kubernetes pod) runs inside a lightweight virtual machine and has its own kernel. From the outside it looks just like a normal Docker container, but the
by Jono Bacon · 12 Nov 2019 · 302pp · 73,946 words
rebound in the wake of disruptive change.”29 Red Hat doesn’t operate alone. The global open-source community has produced tools such as Linux, Kubernetes, OpenStack, Apache, Debian, Jenkins, GNOME, and others that have had a profound impact on various industries, powering clouds, devices, vehicles, space shuttles, and more. Why
…
as a team on shared projects. This can unlock some quite literally world-changing opportunity. On June 7, 2014, a new open-source project called Kubernetes was announced. It was a piece of software that could be used for managing how software services run on the cloud. I won’t bore
…
you too much with what Kubernetes does, but safe to say, it rocked the tech and enterprise world. A critical element of why Kubernetes succeeded is that it is open-source. This means that its code is freely available and
…
another) as well as independent volunteers. Welcome to the Collaborator community model in action. What is neat about this model is that the value of Kubernetes (as one such example) increases as more people roll their sleeves up and get involved. If you spend one hour of your time contributing an
…
members, the easier the community will be to build. Everyone will get on and live in (mostly) perfect harmony. Our earlier mentions of Ardour and Kubernetes are good examples of this. They provide clear, open collaboration and development. Many other projects, such as Discourse and Fedora, are similarly good examples.23
…
figure out what value to add. Many new community members don’t know how to get started. As an example, many engineering communities—such as Kubernetes, Babel, Nextcloud, and React Native—point new developers at simple bug reports they can start with (often tagged with “good first issue”).4 Some support
…
to an existing set of code in different places. It is like a Band-Aid that adds additional functionality. In open-source communities such as Kubernetes, Drupal, and jQuery, pull requests are typically submitted publicly. Then other developers go in and review that pull request and provide feedback, also out in
by Nigel Poulton · 10 May 2020
from ~400 pages to ~250 pages. I achieved this by reducing the font size to a more professional size that I already use in The Kubernetes Book (previous editions used a very large font). I also removed duplicate content and chapters that related to Docker Enterprise Edition which is no longer
…
wife and daughters for putting up with me. It can't be easy living with a geek who wants to mess about with Docker and Kubernetes every hour of the day. I'm also grateful to my younger brother who manages the operational aspects of everything I do --- he also proof
…
techoholic who spends his life creating books, training videos, and online hands-on training. He's the author of best-selling books on Docker and Kubernetes, as well as the most popular online training videos on the same topics (pluralsight.com, acloud.guru, and udemy.com). He's also a Docker
…
old days; Hello VMware!; VMwarts; Hello Containers!; Linux containers; Hello Docker!; Windows containers; Windows containers vs Linux containers; What about Mac containers?; What about Kubernetes; Chapter Summary; 2: Docker; Docker - The TLDR; Docker, Inc.; The
…
Docker Secrets; Chapter Summary; 16: What next; Practice makes perfect; Video training; Get involved with the community; Kubernetes; Feedback and connecting; 0: About the book This is a book about Docker, no prior knowledge required. In
…
lightweight Linux VM on your Mac. It’s extremely popular with developers, who can easily develop and test Linux containers on their Mac. What about Kubernetes Kubernetes is an open-source project out of Google that has quickly emerged as the de facto orchestrator of containerized apps. That’s just
…
a fancy way of saying Kubernetes is the most popular tool for deploying and managing containerized apps. Note: A containerized app is an application running as a container. At the time
…
Docker as its default container runtime — the low-level technology that pulls images and starts and stops containers. However, Kubernetes has a pluggable container runtime interface (CRI) that makes it easy to swap-out Docker for a different container runtime. In the future, Docker
…
might be replaced by containerd as the default container runtime in Kubernetes. More on containerd later in the book, but for now it’s enough to know that containerd is the small specialized part of Docker
…
that does the low-level tasks of starting and stopping containers. The important thing to know about Kubernetes, at this stage, is that it’s a higher-level platform than Docker, and it currently uses Docker for its low-level container
…
-related operations. I have the following resources to help you learn Kubernetes: • The Kubernetes Book • Getting Started with Kubernetes video course (pluralsight.com) • Kubernetes 101 video course (udemy.com) Getting Started with Kubernetes is available at pluralsight.com and Kubernetes 101 is available at udemy.com. Chapter Summary We used to live
…
, creating network interfaces, and managing lower-level runc instances. containerd is pronounced “container-dee” and is a graduated CNCF project used by Docker and Kubernetes as a container runtime. A typical Docker installation has a single containerd process (docker-containerd) controlling the runc (docker-runc) instances associated with each
…
Swarm. Docker Swarm is easy-to-use and many companies are using it in real-world production. However, most people are choosing to use Kubernetes instead of Docker Swarm. The Open Container Initiative (OCI) Earlier in the chapter we mentioned the Open Containers Initiative — OCI². The OCI is a
…
and managing application containers. It runs on Linux and Windows, can be installed almost anywhere, and is currently the most popular container runtime used by Kubernetes. The Open Container Initiative (OCI) was instrumental in standardizing the container runtime format and container image format. 3: Installing Docker There are lots of ways
…
single-engine Docker environment that is great for development purposes. It includes Docker Compose and you can choose to enable a single-node Kubernetes cluster. Early versions of Docker Desktop experienced some feature-lag while the product was developed with a stability first, features second approach. However, the
…
installer that gets you a single-engine installation of Docker that’s ideal for local development needs. You can also enable a single-node Kubernetes cluster. We’ll look at a simple installation in a second, but before doing that it’s worth noting that Docker Desktop on Mac
…
Mac or Windows 10 laptop. It’s simple to install, is intended for development activities and even allows you to spin-up a single-node Kubernetes cluster. Docker can be installed on Windows Server and Linux, with most operating systems having packages that are simple to install. Play with
…
and networks. One of the reasons for adding more functionality is to make it easier to use in other projects. For example, in projects like Kubernetes, it was beneficial for containerd to do additional things like push and pull images. For these reasons, containerd now does a lot more than simple
…
is modular and optional, meaning you can pick and choose which bits you want. So, it’s possible to include containerd in projects such as Kubernetes, but only to take the pieces your project needs. containerd was developed by Docker, Inc. and donated to the Cloud Native Computing Foundation (CNCF
…
and lightweight and can be used by other projects and third-party tools. For example, it’s becoming the most common container runtime in Kubernetes. containerd needs to talk to an OCI-compliant container runtime to actually create containers. By default, Docker uses runc as its default container runtime
…
” field. $ docker search nigelpoulton NAME nigelpoulton/pluralsight.. nigelpoulton/tu-demo nigelpoulton/k8sbook nigelpoulton/workshop101 <Snip> DESCRIPTION Web app used in... Kubernetes Book web app Kubernetes 101 Workshop STARS 22 12 2 0 AUTOMATED [OK] The “NAME” field is the repository name. This includes the Docker ID, or organization
…
apply to other container runtimes that are OCI compliant. Also, the things you’ll learn will help you if you need to learn and use Kubernetes. We’ll split this chapter into the usual three parts: • The TLDR • The deep dive • The commands Docker containers - The TLDR A container is the
…
of docker-container run commands, or declaratively in YAML files for use with higher-level tools such as Docker Swarm, Docker Compose, and Kubernetes. At the time of writing, the following restart policies exist: • always • unless-stopped • on-failed The always policy is the simplest. It always restarts
…
perform rolling updates, rollbacks, and scaling operations. Again, all with simple commands. Docker Swarm competes directly with Kubernetes — they both orchestrate containerized applications. While it’s true that Kubernetes has more momentum and a more active community and ecosystem, Docker Swarm is an excellent technology and a
…
is Docker’s native technology for managing clusters of Docker nodes and deploying and managing cloud-native applications. It is similar to Kubernetes. At its core, Swarm has a secure clustering component, and an orchestration component. The secure clustering component is enterprise-grade and offers a
…
at meetups and they’re a great place to network with people and learn. Kubernetes Now that you know a thing or two about Docker, a logical next-step might be Kubernetes. Without going into detail, Kubernetes is similar to Docker Swarm but has a larger scope and a more active
…
notoriously hard to learn. However, now that you know Docker and how swarm orchestration works, learning Kubernetes will be easier. That said, if you don’t need all the extras that Kubernetes brings, you might be better sticking with Swarm. ¹⁸https://play-with-docker.com/ ¹⁹http://app.pluralsight
by Matthew Skelton and Manuel Pais · 16 Sep 2019
Chapter 7 Case Study: Team Interaction Diversity at IBM around 2014—Eric Minick, Program Director for Continuous Delivery, IBM Chapter 8 Case Study: Adoption of Kubernetes to Drive Organizational Change at uSwitch—Paul Ingles, Head of Engineering, uSwitch Case Study: Evolution of Team Topologies at TransUnion (Part 2)—Dave Hotchkiss, Platform
…
systems, Borland Delphi, the Java Virtual Machine, the .Net Framework, Pivotal Cloud Foundry, Microsoft Azure, and (recently) the IoT platform balena.io and container platform Kubernetes. These platforms have all generally succeeded in reducing the complexity of the underlying systems while exposing enough functionality to be useful to teams building on
…
the collaboration will likely tend to blur the boundaries of each part of the system between Team A and Team B? Case Study: Adoption of Kubernetes to Drive Organizational Change at uSwitch Paul Ingles, Head of Engineering, uSwitch Paul Ingles, at consumer-rating service uSwitch, describes how, after many years of
…
that minimized Dev team cognitive load.2 They adopted a new cloud infrastructure abstraction (called Kubernetes) in order to help with this shift: “We didn’t change our organization because we wanted to use Kubernetes; we used Kubernetes because we wanted to change our organization.”3 This deliberate use of a change in
…
’. DTIC Document, 1993. http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA284683. Ingles, Paul. “Convergence to Kubernetes.” Paul Ingles (blog), June 18, 2018. https://medium.com/@pingles/convergence-to-kubernetes-137ffa7ea2bc. innolution. n.d. “Feature Team Definition | Innolution.” Accessed October 14, 2018. https://innolution.com/resources/glossary/feature-team
…
Reteaming, 13. 12. Reinertsen, The Principles of Product Development Flow, 254. Chapter 8 1. Forsgren et al., Accelerate, 63. 2. Ingles, “Convergence to Kubernetes.” 3. Ingles, “Convergence to Kubernetes,” 4. Sussna, Designing Delivery, 61. 5. Kotter, “Accelerate!” 6. Drucker, The Daily Drucker, 291. 7. Stanford, Guide to Organisation Design, 17. 8. Narayan
by Sam Newman · 14 Nov 2019 · 355pp · 81,788 words
for grabs. This can be a huge advantage—allowing you to mix and match technology stacks if you wish. You don’t have to use Kubernetes, Docker, containers, or the public cloud. You don’t have to code in Go or Rust or whatever else. In fact, your choice of programming
…
process to run and manage, to then giving them 10 or 20? Or perhaps even more aggressively, expecting them to run your software on a Kubernetes cluster or similar? The reality is that you cannot expect your customers to have the skills or platforms available to manage microservice architectures. Even if
…
they do, they may not have the same skills or platform that you require. There is a large variation between Kubernetes installs, for example. Not Having a Good Reason! And finally, we have the biggest reason not to adopt microservices, and that is if you don
…
effort. In Figure 2-11, we see such an example, which shows that I really want to focus my time and energy in growing my Kubernetes and Lambda experience, perhaps indicative of the fact that I’m now having to manage deployment of my own software. Just as important is highlighting
…
I might be happy with my level of PACT skill, as a whole the team wants to improve more in that area, while Kafka and Kubernetes is another space that may need some intensive focus. This might highlight the need for some group learning, and perhaps justify a bigger investment such
…
as a whole find the balance it needs. Figure 2-12. Looked at as a whole, the team has a need to improve its Kafka, Kubernetes, and PACT Testing skills Changing the skill set of the existing team members isn’t the only way forward, of course. What we’re often
…
, Jez Humble, and Patrick Debois, The DevOps Handbook (IT Revolution Press, 2016). 11 Yes, this has happened. It’s not all fun and games and Kubernetes…. Chapter 3. Splitting the Monolith In Chapter 2, we explored how to think about migration to a microservice architecture. More specifically, we explored whether it
…
costs) needed for developer environments. Telepresence is an example of a tool that is aiming to make a hybrid local/remote developer workflow easier for Kubernetes users. You can develop your service locally, but Telepresence can proxy calls to other services to a remote cluster, allowing you (hopefully) the best of
…
for a high degree of automation, that can allow developers ideally to self-service provision deployments, and that handles automated desired state management. For microservices, Kubernetes has emerged as the tool of choice in this space. It requires that you containerize your services, but once you do, you can use
…
Kubernetes to manage the deployment of your service instances across multiple machines, ensuring you can scale to improve robustness and handle load (assuming you have enough
…
hardware). Vanilla Kubernetes isn’t what I would consider developer-friendly. A multitude of people are working on higher-order, more developer-friendly abstractions, and I expect that
…
work to continue. In the future, I expect that many developers who are running software on Kubernetes won’t even realize, as it will just become an implementation detail. I tend to see larger organizations adopt a packaged version of
…
Kubernetes, such as OpenShift from RedHat, which bundles Kubernetes with tooling that makes it easier to work with within a corporate environment—perhaps handling corporate identity and access management controls. Some
…
lucky enough to be on the public cloud, you could use the many different options there to handle deployments of your microservice architecture, including managed Kubernetes offerings. Both AWS and Azure, for example, offer multiple options in this space. I’m a big fan of Function-as-a-Service (FaaS), a
…
the prospect of drastically reduced operational overhead. For teams I work with who are already on the public cloud, I tend to not start with Kubernetes or similar container-based platforms. Instead, I’ve adopted an approach of serverless-first—try to make use of serverless technology like FaaS as a
…
that if you’re already on the public cloud, you may not always need the complexity of a container-based platform like Kubernetes. Warning I do see people reaching for Kubernetes and the like a bit too early in the process of adopting microservices, often assuming it is a prerequisite. Far from
…
it—platforms like Kubernetes excel at helping you manage multiple processes, but you should wait until you have enough processes that your current approach and technology are starting to
…
that you need only five microservices, and that you can happily handle this with your existing solutions—in which case, great! Don’t adopt a Kubernetes-based platform just because you see everyone else doing it, which can also be said for microservices! End-to-End Testing With any type of
by Jeff Nickoloff and Stephen Kuenzli · 10 Dec 2019 · 629pp · 109,663 words
and adoption of several container orchestrators. The primary purpose of a container orchestrator is to run applications modeled as services across a cluster of hosts. Kubernetes, the most famous of these orchestrators, has seen significant adoption and gained support from every major technology vendor. The Cloud Native Computing Foundation was formed
…
around that project, and if you ask them, a “cloud native” app is one designed for deployment on Kubernetes. But it is important not to get too caught up in the marketing or the specific orchestration technology. This book does not cover
…
Kubernetes for two reasons. While Kubernetes is included with Docker for Desktop, it is massive and in constant flux. It could never be covered at any depth in a handful
…
or even in a book with fewer than 400 pages. A wealth of excellent resources are available online as well as wonderful published books on Kubernetes. We wanted to focus on the big idea—service orchestration—in this book without getting too lost in the nuances. Second, Docker ships with Swarm
…
on Docker. Some tools use the Docker subcomponents. Those subcomponents are independent projects such as runc, libcontainerd, and notary. Kubernetes is the most notable project in the ecosystem aside from Docker itself. Kubernetes provides an extensible platform for orchestrating services as containers in clustered environments. It is growing into a sort of
…
“datacenter operating system.” Like the Linux Kernel, cloud providers and platform companies are packaging Kubernetes. Kubernetes depends on container engines such as Docker, and so the containers and images you build on your laptop will run in
…
Kubernetes. You need to consider several trade-offs when picking up any tool. Kubernetes draws power from its extensibility, but that comes at the expense of its learning curve and ongoing support effort
…
. Today building, customizing, or extending Kubernetes clusters is a full-time job. But using existing Kubernetes clusters to deploy your applications is straightforward with minimal
…
research. Most readers looking at Kubernetes should consider adopting a managed offering from a major public cloud provider before building
…
network interfaces, manage NodePort publishing, register containers with service-discovery systems, and integrate with upstream load-balancing systems. Kubernetes has a whole ecosystem of networking providers, and depending on how you are consuming Kubernetes (as the project, a productized distribution, or managed service), you may or may not have any say in
…
which provider you use. Entire books could be written about networking options for Kubernetes. I won’t do them the disservice of attempting to summarize them here. Above the network provider layer, a whole continuum of service-discovery tools
…
this chapter throughout the remainder of the book. The same concepts, problems, and fundamental tooling are provided by all of the container orchestration systems including Kubernetes. The material that follows will be helpful in understanding whichever orchestrators you use in your daily job. 11.1. A service “Hello World!” Getting started
by David N. Blank-Edelman · 16 Sep 2018
the open source space. Hence, building Bazooka was a necessity and not a result of a not-invented-here syndrome. Later, we migrated completely to Kubernetes. Bazooka and the Platforms team are history now. Closing the Loop: Take Your Own Pager Now that it was easy and quick to deploy changes
…
products with vibrant communities. An example of this is our planned move from our homegrown container orchestration system, Helios, to a managed Kubernetes services (Google Kubernetes Engine). In adopting Kubernetes instead of further investing in our own container orchestration system, we can benefit from the many contributions of the open source community. Making
…
(cloud providers are variable operational costs, not fixed), and all companies trying desperately to catch up with the latest infrastructure-as-code breakthroughs (Docker and Kubernetes), operational complexity is increasing exponentially. Most companies lack the skill set and engineering culture traits that enable for a healthy balance of forces to release
…
infrastructure management and development. The SRE will have deeper and broader infrastructure skills encompassing more of load balancers, networking, databases, and container orchestration systems like Kubernetes; whereas the DevOps developer will usually have deeper expertise in the business domain and preferred programming language. DevOps teams are more likely in environments with
…
.g., AWS Elastic Compute Cloud [EC2] and Google Compute Engine [GCE]), Containers as a Service (CaaS; e.g., AWS Elastic Container Service [ECS] and Google Kubernetes Engine [GKE]), and “serverless” or Functions as a Service (FaaS; e.g., AWS Lambda and Google Cloud Functions). Load balancers Load balancers are a primary
by Rennay Dorasamy · 2 Dec 2021 · 328pp · 77,877 words
horizontal scaling of infrastructure. Cheaper, albeit less powerful hardware, can easily host several container instances due to their lightweight footprint. A Managed container platform, like Kubernetes, provides capability like self-healing which restarts failed containers and checks health of containers before advertising them to clients. It also provides automated rollouts and
…
rollbacks. To be completely transparent, our early project team was in uncharted territory regarding containerization – let alone having to build a Kubernetes Managed Container platform on-premises. I can still see the hopeless expression of an exasperated project manager, eager to meet the sprint objective – when the
…
Managed Container Platform, and through our progression, now have a far better understanding and appreciation of what Kubernetes offers. It is easy to become enamored with the appeal of Containerization, especially a platform like Kubernetes. I have observed the power of Infrastructure as Code and have suffered delusions of grandeur by the
…
Platform is an enabler of the application platform. I have since come to the conclusion that the true power of a Managed Container platform, like Kubernetes, is that it fades to the background and allows you to focus on the application. As a full-stack engineer, it is essential to understand
…
the elements and function of a container platform and how a request journeys from ingress to service to pod. The management of our on-premises Kubernetes platform has since been transferred to an enterprise DevOps team. This will further transition to a managed Cloud service
…
. Kubernetes as a Service offerings abstract complexities of infrastructure management, network fabric configuration, and help teams to easily achieve complex objectives such as setting up persistent
…
Solution Alignment Forum. Unfortunately, our DevOps druid skills were not strong enough to conquer persistent storage volumes on our Kubernetes cluster, and we instead adopted a new design strategy that our Kubernetes cluster would not have any persistent storage. I hope that this position inspires a reader out there to write a
…
book on the “Dummy’s Guide to Persistent Storage on Kubernetes” and I promise to buy a copy. However, this decision was made after intense discussion and deliberation. The deciding factor that helped to settle the
…
travelled. Essentially microservice communication would be achieved using good old HTTP. After all, we had our hands full with variable elements like an on-premises Kubernetes cluster and I shuddered at the thought of adding in a new, and at the time, relatively unproven technology element into the stack. It was
…
developer jolted me to the harsh reality that I was working harder, not smarter. The solution was to use the port-forward capability of the Kubernetes command-line tool, kubectl, to start a local listener which would route the request to a gRPC pod running in a
…
Kubernetes cluster. This concept is illustrated in Figure 5-6. Figure 5-6: Port-forward connectivity. This allows the developer to build a solution using a blend
…
solution is the ability to specify the configuration at runtime. Note that there are varying degrees of elegance – configuration data can be specified in a Kubernetes config map. As your deployment could consist of several microservices, each with its own config map, this could result in configuration data scattered across config
…
work with a tenacious team, the end result is not as optimal as it could be. Figure 5-9: Launch configuration. If building an on-premises Kubernetes cluster was not enough of a challenge, we opted to build two – one in the internal network and another in the Demilitarized Zone (DMZ). Our
…
access to run his install scripts. In our DMZ, like a real prison, there are different levels of security. Back when we started, Containers and Kubernetes were deemed to be extremely dangerous, and a new zone, even more restricted than the rest, was purpose-built for us. We learnt of this
…
two seasoned DevOps Engineers join our team, who actually “knew what we did not know.” With their experience, a far more stable and enterprise-ready Kubernetes cluster was quickly established – the third iteration. Figure 5-10: As-Is configuration. One of the first questions raised regarded the need for a full-blown
…
Kubernetes cluster in the DMZ. They patiently explained, as a parent would to a child who wanted ice cream before the main meal, that a simpler
…
Reverse Proxy in the DMZ. This milestone decision allowed the migration of the single web application hosted in the DMZ Container Platform to the internal Kubernetes cluster. This has optimized delivery as internal pipelines and network connectivity can be leveraged and support simplified as the container and associated logs can easily
…
example, to synchronize Account transactions, are residents of this platform. To-Be Configuration As challenging and rewarding as finally establishing an enterprise-grade on-premises Kubernetes platform has been, the team has reached the conclusion that this exercise is much like keeping a lion as a pet. The platform demands constant
…
, such as connectivity from an on-premises component to Cloud and back to on-premises. The ultimate aim is to use a Cloud provider Managed Kubernetes Service which would abstract the underlying infrastructure requirement and allow us to focus on the microservice as a container. Simply put, we would pack up
…
, within a significantly different organizational context. It allowed us hands-on exposure to elements like Docker for containerization, gRPC for inter-service microservice communication, and Kubernetes for container management. We consider deep technical components like ingresses, services, and pods as offspring we have hand-raised and nurtured. Like parents with a
…
version. An Instant Message (IM) had to be sent to a middle-earth wizard, Gandalf, a chatbot, who would then magically update configuration in the Kubernetes cluster to route requests to the new version. Gandalf only took instruction from specific hobbits on the team which maintained the sanctity of the release
…
and rolled back if necessary. More importantly, it minimizes access requirements to supporting systems such as databases and configuration maps, in the case of a Kubernetes cluster. Hosted applications: This is certainly a unique use-case but is also a significant revenue stream for the platform. It is also an example
by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski and Adam Stubblefield · 29 Mar 2020 · 1,380pp · 190,710 words
by Valliappa Lakshmanan, Sara Robinson and Michael Munn · 31 Oct 2020
by Ron Jeffries · 14 Aug 2015 · 444pp · 118,393 words
by Will Larson · 19 May 2019 · 227pp · 63,186 words
by Arvid Kahl · 24 Jun 2020 · 461pp · 106,027 words
by James Turnbull · 13 Jul 2014 · 265pp · 60,880 words
by Harihara Subramanian · 31 Jan 2019 · 422pp · 86,414 words
by Martin Kleppmann · 16 Mar 2017 · 1,237pp · 227,370 words
by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy · 15 Apr 2016 · 719pp · 181,090 words
by Martin Kleppmann · 17 Apr 2017
by James Higginbotham · 20 Dec 2021 · 283pp · 78,705 words
by Jj Geewax · 19 Jul 2021 · 725pp · 168,262 words
by Ash Fontana · 4 May 2021 · 296pp · 66,815 words
by Nadia Eghbal · 3 Aug 2020 · 1,136pp · 73,489 words
by Casey Rosenthal and Nora Jones · 27 Apr 2020 · 419pp · 102,488 words
by Lorne Lantz and Daniel Cawrey · 8 Dec 2020 · 434pp · 77,974 words
by Thomas Rid · 27 Jun 2016 · 509pp · 132,327 words
by James Turnbull · 1 Dec 2014 · 514pp · 111,012 words
by Sam Newman · 25 Dec 2014 · 540pp · 103,101 words
by Robert C. Martin · 13 Oct 2019 · 333pp · 64,581 words
by David A. Mindell · 10 Oct 2002 · 759pp · 166,687 words
by John Brockman · 19 Feb 2019 · 339pp · 94,769 words
by Richard A. Clarke and Robert K. Knake · 15 Jul 2019 · 409pp · 112,055 words