Muutke küpsiste eelistusi

E-raamat: Production Kubernetes

4.43/5 (97 hinnangut Goodreads-ist)
, , ,
  • Formaat: 508 pages
  • Ilmumisaeg: 16-Mar-2021
  • Kirjastus: O'Reilly Media
  • Keel: eng
  • ISBN-13: 9781492092254
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 56,15 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Production KubernetesSuurem pilt
  • Formaat: 508 pages
  • Ilmumisaeg: 16-Mar-2021
  • Kirjastus: O'Reilly Media
  • Keel: eng
  • ISBN-13: 9781492092254
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Kubernetes has become the dominant container orchestrator, but many organizations that have recently adopted this system are still struggling to run actual production workloads. In this practical book, four software engineers from VMware bring their shared experiences running Kubernetes in production and provide insight on key challenges and best practices.

The brilliance of Kubernetes is how configurable and extensible the system is, from pluggable runtimes to storage integrations. For platform engineers, software developers, infosec, network engineers, storage engineers, and others, this book examines how the path to success with Kubernetes involves a variety of technology, pattern, and abstraction considerations.

With this book, you will:

  • Understand what the path to production looks like when using Kubernetes
  • Examine where gaps exist in your current Kubernetes strategy
  • Learn Kubernetes's essential building blocks--and their trade-offs
  • Understand what's involved in making Kubernetes a viable location for applications
  • Learn better ways to navigate the cloud native landscape
Foreword xiii
Preface xv
1 A Path to Production
1(22)
Defining Kubernetes
1(1)
The Core Components
2(2)
Beyond Orchestration---Extended Functionality
4(1)
Kubernetes Interfaces
5(2)
Summarizing Kubernetes
7(1)
Defining Application Platforms
7(1)
The Spectrum of Approaches
8(2)
Aligning Your Organizational Needs
10(1)
Summarizing Application Platforms
11(1)
Building Application Platforms on Kubernetes
12(1)
Starting from the Bottom
13(2)
The Abstraction Spectrum
15(1)
Determining Platform Services
16(1)
The Building Blocks
17(4)
Summary
21(2)
2 Deployment Models
23(40)
Managed Service Versus Roll Your Own
24(1)
Managed Services
24(1)
Roll Your Own
24(1)
Making the Decision
25(1)
Automation
26(1)
Prebuilt Installer
26(1)
Custom Automation
27(1)
Architecture and Topology
28(1)
Etcd Deployment Models
28(1)
Cluster Tiers
29(2)
Node Pools
31(1)
Cluster Federation
32(3)
Infrastructure
35(1)
Bare Metal Versus Virtualized
36(3)
Cluster Sizing
39(2)
Compute Infrastructure
41(1)
Networking Infrastructure
42(2)
Automation Strategies
44(2)
Machine Installations
46(1)
Configuration Management
46(1)
Machine Images
47(1)
What to Install
47(2)
Containerized Components
49(1)
Add-ons
50(2)
Upgrades
52(1)
Platform Versioning
52(1)
Plan to Fail
53(1)
Integration Testing
54(1)
Strategies
55(5)
Triggering Mechanisms
60(1)
Summary
61(2)
3 Container Runtime
63(16)
The Advent of Containers
64(1)
The Open Container Initiative
65(1)
OCI Runtime Specification
65(2)
OCI Image Specification
67(2)
The Container Runtime Interface
69(1)
Starting a Pod
70(2)
Choosing a Runtime
72(1)
Docker
73(1)
containerd
74(1)
CRI-O
75(1)
Kata Containers
76(1)
Virtual Kubelet
77(1)
Summary
78(1)
4 Container Storage
79(22)
Storage Considerations
80(1)
Access Modes
80(1)
Volume Expansion
81(1)
Volume Provisioning
81(1)
Backup and Recovery
81(1)
Block Devices and File and Object Storage
82(1)
Ephemeral Data
83(1)
Choosing a Storage Provider
83(1)
Kubernetes Storage Primitives
83(1)
Persistent Volumes and Claims
84(2)
Storage Classes
86(1)
The Container Storage Interface (CSI)
87(1)
CSI Controller
88(1)
CSI Node
89(1)
Implementing Storage as a Service
89(1)
Installation
90(3)
Exposing Storage Options
93(1)
Consuming Storage
94(2)
Resizing
96(1)
Snapshots
97(2)
Summary
99(2)
5 Pod Networking
101(26)
Networking Considerations
102(1)
IP Address Management
102(2)
Routing Protocols
104(2)
Encapsulation and Tunneling
106(2)
Workload Routability
108(1)
IPv4 and IPv6
109(1)
Encrypted Workload Traffic
109(1)
Network Policy
110(2)
Summary: Networking Considerations
112(1)
The Container Networking Interface (CNI)
112(2)
CNI Installation
114(2)
CNI Plug-ins
116(1)
Calico
117(3)
Cilium
120(3)
AWSVPCCNI
123(2)
Multus
125(1)
Additional Plug-ins
126(1)
Summary
126(1)
6 Service Routing
127(60)
Kubernetes Services
128(1)
The Service Abstraction
128(7)
Endpoints
135(3)
Service Implementation Details
138(10)
Service Discovery
148(3)
DNS Service Performance
151(1)
Ingress
152(1)
The Case for Ingress
153(1)
The Ingress API
154(2)
Ingress Controllers and How They Work
156(1)
Ingress Traffic Patterns
157(4)
Choosing an Ingress Controller
161(1)
Ingress Controller Deployment Considerations
162(3)
DNS and Its Role in Ingress
165(1)
Handling TLS Certificates
166(3)
Service Mesh
169(1)
When (Not) to Use a Service Mesh
170(1)
The Service Mesh Interface (SMI)
170(3)
The Data Plane Proxy
173(2)
Service Mesh on Kubernetes
175(4)
Data Plane Architecture
179(2)
Adopting a Service Mesh
181(3)
Summary
184(3)
7 Secret Management
187(32)
Defense in Depth
188(1)
Disk Encryption
189(1)
Transport Security
190(1)
Application Encryption
190(1)
The Kubernetes Secret API
191(2)
Secret Consumption Models
193(3)
Secret Data in etcd
196(2)
Static-Key Encryption
198(3)
Envelope Encryption
201(2)
External Providers
203(1)
Vault
203(1)
Cyberark
203(1)
Injection Integration
204(4)
CSI Integration
208(2)
Secrets in the Declarative World
210(1)
Sealing Secrets
211(1)
Sealed Secrets Controller
211(3)
Key Renewal
214(1)
Multicluster Models
215(1)
Best Practices for Secrets
215(1)
Always Audit Secret Interaction
215(1)
Don't Leak Secrets
216(1)
Prefer Volumes Over Environment Variables
216(1)
Make Secret Store Providers Unknown to Your Application
216(1)
Summary
217(2)
8 Admission Control
219(24)
The Kubernetes Admission Chain
220(2)
In-Tree Admission Controllers
222(1)
Webhooks
223(2)
Configuring Webhook Admission Controllers
225(2)
Webhook Design Considerations
227(1)
Writing a Mutating Webhook
228(1)
Plain HTTPS Handler
229(2)
Controller Runtime
231(3)
Centralized Policy Systems
234(7)
Summary
241(2)
9 Observability
243(30)
Logging Mechanics
244(1)
Container Log Processing
244(3)
Kubernetes Audit Logs
247(2)
Kubernetes Events
249(1)
Alerting on Logs
250(1)
Security Implications
251(1)
Metrics
251(1)
Prometheus
251(2)
Long-Term Storage
253(1)
Pushing Metrics
253(1)
Custom Metrics
254(1)
Organization and Federation
254(2)
Alerts
256(1)
Showback and Chargeback
257(3)
Metrics Components
260(9)
Distributed Tracing
269(1)
OpenTracing and OpenTelemetry
269(1)
Tracing Components
270(2)
Application Instrumentation
272(1)
Service Meshes
272(1)
Summary
272(1)
10 Identity
273(40)
User Identity
274(1)
Authentication Methods
275(10)
Implementing Least Privilege Permissions for Users
285(3)
Application/Workload Identity
288(1)
Shared Secrets
289(1)
Network Identity
289(4)
Service Account Tokens (SAT)
293(4)
Projected Service Account Tokens (PSAT)
297(2)
Platform Mediated Node Identity
299(12)
Summary
311(2)
11 Building Platform Services
313(40)
Points of Extension
314(1)
Plug-in Extensions
314(1)
Webhook Extensions
315(1)
Operator Extensions
316(1)
The Operator Pattern
317(1)
Kubernetes Controllers
317(1)
Custom Resources
318(5)
Operator Use Cases
323(1)
Platform Utilities
323(1)
General-Purpose Workload Operators
324(1)
App-Specific Operators
324(1)
Developing Operators
325(1)
Operator Development Tooling
325(4)
Data Model Design
329(2)
Logic Implementation
331(16)
Extending the Scheduler
347(1)
Predicates and Priorities
348(1)
Scheduling Policies
348(2)
Scheduling Profiles
350(1)
Multiple Schedulers
350(1)
Custom Scheduler
350(1)
Summary
351(2)
12 Multitenancy
353(24)
Degrees of Isolation
354(1)
Single-Tenant Clusters
354(1)
Multitenant Clusters
355(2)
The Namespace Boundary
357(1)
Multitenancy in Kubernetes
358(1)
Role-Based Access Control (RBAC)
358(2)
Resource Quotas
360(1)
Admission Webhooks
361(2)
Resource Requests and Limits
363(5)
Network Policies
368(2)
Pod Security Policies
370(4)
Multitenant Platform Services
374(1)
Summary
375(2)
13 Autoscaling
377(20)
Types of Scaling
378(1)
Application Architecture
379(1)
Workload Autoscaling
380(1)
Horizontal Pod Autoscaler
380(4)
Vertical Pod Autoscaler
384(3)
Autoscaling with Custom Metrics
387(1)
Cluster Proportional Autoscaler
388(1)
Custom Autoscaling
389(1)
Cluster Autoscaling
389(4)
Cluster Overprovisioning
393(2)
Summary
395(2)
14 Application Considerations
397(28)
Deploying Applications to Kubernetes
398(1)
Templating Deployment Manifests
398(1)
Packaging Applications for Kubernetes
399(1)
Ingesting Configuration and Secrets
400(1)
Kubernetes ConfigMaps and Secrets
400(3)
Obtaining Configuration from External Systems
403(1)
Handling Rescheduling Events
404(1)
Pre-stop Container Life Cycle Hook
404(1)
Graceful Container Shutdown
405(2)
Satisfying Availability Requirements
407(1)
State Probes
408(1)
Liveness Probes
409(1)
Readiness Probes
410(1)
Startup Probes
411(1)
Implementing Probes
412(1)
Pod Resource Requests and Limits
413(1)
Resource Requests
413(1)
Resource Limits
414(1)
Application Logs
415(1)
What to Log
415(1)
Unstructured Versus Structured Logs
416(1)
Contextual Information in Logs
416(1)
Exposing Metrics
416(1)
Instrumenting Applications
417(2)
USE Method
419(1)
RED Method
419(1)
The Four Golden Signals
419(1)
App-Specific Metrics
419(1)
Instrumenting Services for Distributed Tracing
420(1)
Initializing the Tracer
420(1)
Creating Spans
421(1)
Propagate Context
422(1)
Summary
423(2)
15 Software Supply Chain
425(24)
Building Container Images
426(2)
The Golden Base Images Antipattern
428(1)
Choosing a Base Image
429(1)
Runtime User
430(1)
Pinning Package Versions
430(1)
Build Versus Runtime Image
431(1)
Cloud Native Buildpacks
432(2)
Image Registries
434(1)
Vulnerability Scanning
435(2)
Quarantine Workflow
437(1)
Image Signing
438(1)
Continuous Delivery
439(1)
Integrating Builds into a Pipeline
440(3)
Push-Based Deployments
443(2)
Rollout Patterns
445(1)
GitOps
446(2)
Summary
448(1)
16 Platform Abstractions
449(16)
Platform Exposure
450(1)
Self-Service Onboarding
451(2)
The Spectrum of Abstraction
453(1)
Command-Line Tooling
454(1)
Abstraction Through Templating
455(3)
Abstracting Kubernetes Primitives
458(4)
Making Kubernetes Invisible
462(2)
Summary
464(1)
Index 465
Josh Rosso has been working with organizations to adopt Kubernetes since version 1.2 (2016). During which he's worked as an engineer and architect at CoreOS (RedHat), Heptio, and now VMware. He's been involved in architecture and engineering to help build compute platforms in financial institutions, establish edge compute to support 5g, and much more. Environments have ranged from enterprise-managed bare metal, to cloud-provider managed virtual machines.

Rich Lander was an early adopter of Docker and began running production workloads using containers in 2015. He learned the value of container orchestration the hard way and was running production applications on Kubernetes by version 1.3. Rich took that experience and subsequently worked at CoreOS (RedHat), Heptio and VMware as a field engineer helping enterprises in manufacturing, retail and various other industries adopt Kubernetes and cloud native technologies.

Alex Brand started working with Kubernetes in 2016, when he helped build one of the first open source Kubernetes installers at Apprenda. Since then, Alex has worked at Heptio and VMware, designing and building Kubernetes-based platforms for organizations across multiple industry verticals, including finance, healthcare, consumer, and more. As a software engineer at heart, Alex has also contributed to Kubernetes and other open source projects in the Cloud Native ecosystem.

John Harris has been working with Docker since 2014, consulting with many of the top Fortune 50 companies to help them successfully adopt container technologies and patterns. He brings experience in cloud-native architecture, engineering and DevOps practises to help companies of all sizes build robust Kubernetes platforms and applications. Prior to working at VMware (via Heptio), he was an architect at Docker advising some of their most strategic customers.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97814920922546e.html
Märksõnad: