50 Kubernetes Concepts Every DevOps Engineer Should Know: Your go-to guide for making production-level decisions on how and why to implement Kubernetes
Ebook, 547 pages, 3 hours

About this ebook

Kubernetes is a trending topic among engineers, CTOs, CIOs, and other technically sound professionals. Due to its proliferation and importance for all cloud technologies, DevOps engineers nowadays need a solid grasp of key Kubernetes concepts to help their organization thrive.
This book equips you with all the requisite information about how Kubernetes works and how to use it for the best results. You’ll learn everything from why cloud native is important to implementing Kubernetes clusters to deploying applications in production. This book takes you on a learning journey, starting from what cloud native is and how to get started with Kubernetes in the cloud, on-premises, and PaaS environments such as OpenShift. Next, you’ll learn about deploying applications in many ways, including Deployment specs, Ingress Specs, and StatefulSet specs. Finally, you’ll be comfortable working with Kubernetes monitoring, observability, and security. Each chapter of 50 Kubernetes Concepts Every DevOps Engineer Should Know is built upon the previous chapter, ensuring that you develop practical skills as you work through the code examples in GitHub, allowing you to follow along while giving you practical knowledge.
By the end of this book, you’ll be able to implement Kubernetes in any environment, whether it’s an existing environment, a greenfield environment, or your very own lab running in the cloud or your home.

Language: English
Release date: Jan 30, 2023
ISBN: 9781804617496

    Book preview

    50 Kubernetes Concepts Every DevOps Engineer Should Know - Michael Levan

    BIRMINGHAM—MUMBAI

    50 Kubernetes Concepts Every DevOps Engineer Should Know

    Copyright © 2023 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    Group Product Manager: Rahul Nair

    Publishing Product Manager: Niranjan Naikwadi

    Senior Editor: Tanya D’cruz

    Technical Editor: Rajat Sharma

    Copy Editor: Safis Editing

    Project Coordinator: Ashwin Kharwa

    Proofreader: Safis Editing

    Indexer: Rekha Nair

    Production Designer: Nilesh Mohite

    Senior Marketing Coordinator: Nimisha Dua

    First published: February 2023

    Production reference: 1130123

    Published by Packt Publishing Ltd.

    Livery Place

    35 Livery Street

    Birmingham

    B3 2PB, UK.

    ISBN 978-1-80461-147-0

    www.packtpub.com

    To my son, Zachary, for one day, once you’re older, understanding why I work so hard, and to my mother for always being there to help out. To the community – thank you for enjoying the work that I put out and taking this journey with me.

    – Michael Levan

    Contributors

    About the author

    Michael Levan is a seasoned engineer and consultant in the Kubernetes space who spends his time working with start-ups and enterprises around the globe on Kubernetes and cloud-native projects. He also performs technical research, creates real-world, project-focused content, and coaches engineers on how to cognitively embark on their engineering journey. He is a DevOps pro, a HashiCorp Ambassador, and an AWS Community Builder, and loves helping the tech community by speaking internationally, blogging, and authoring technical books.

    About the reviewer

    Chad Crowell has been in the tech industry for 15 years, working as an Engineer, a DevOps Consultant, Kubernetes Instructor, and a Microsoft Certified Trainer. Chad has also authored the book Acing the Certified Kubernetes Administrator Exam. He is passionate about helping others overcome obstacles in their life and work, and embraces the community and open-source aspects of working in teams.

    Table of Contents

    Preface

    Part 1: First 20 Kubernetes Concepts – In and Out of the Cloud

    1

    Kubernetes in Today’s World

    Technical requirements

    The shift to the cloud

    Why organizations care about the cloud

    What the cloud did for engineers

    Kubernetes, the new cloud OS and data center

    Kubernetes in the cloud

    Why Kubernetes?

    Kubernetes as a data center

    Cloud-native apps and why they’re important

    What cloud-native apps do for organizations

    The world is cloud-based

    Engineering talent is toward the cloud

    Abstraction is easier, but with a twist

    What abstraction does

    What abstraction doesn’t do

    Start slow and go fast

    Understanding the engineering need for Kubernetes

    Understanding the business need for Kubernetes

    Planning is the hard part

    Summary

    Further reading

    2

    Getting the Ball Rolling with Kubernetes and the Top Three Cloud Platforms

    Technical requirements

    Azure Kubernetes Service

    Creating an AKS cluster manually

    Creating an AKS cluster with automation

    Scaling an AKS cluster

    AKS and Virtual Kubelet

    Managing and maintaining AKS clusters

    AWS EKS

    Creating an EKS cluster manually

    Creating an EKS cluster with Terraform

    Scaling an EKS cluster

    EKS Fargate profiles

    GKE

    Creating a GKE cluster with Terraform

    GKE Autopilot

    A quick note on multi-cloud

    Summary

    Further reading

    3

    Running Kubernetes with Other Cloud Pals

    Technical requirements

    Understanding Linode Kubernetes Engine

    Why LKE?

    Setting up LKE manually

    Automating LKE deployments

    Exploring DigitalOcean Managed Kubernetes

    Why DigitalOcean Kubernetes Engine?

    Setting up DigitalOcean Managed Kubernetes manually

    Automating DigitalOcean Managed Kubernetes

    What is Kubernetes PaaS and how does it differ?

    OpenShift

    OpenShift in the enterprise

    Getting started with OpenShift Sandbox

    OpenShift on AWS

    Summary

    Further reading

    4

    The On-Prem Kubernetes Reality Check

    Technical requirements

    Understanding operating systems and infrastructure

    Kubeadm Deployment

    System size

    System location

    Operating system

    Troubleshooting on-prem Kubernetes clusters

    Server logs and infrastructure troubleshooting

    Network observability

    Kubernetes metrics

    crictl

    kubectl

    Introducing hybrid services

    Azure Stack HCI

    Google Anthos

    A quick note about other infrastructure managers

    Exploring networking and system components

    kube-proxy

    CNI

    Kubernetes resource communication

    DNS

    Service mesh and Ingress

    Getting to know virtualized bare metal

    Virtualizing your environment

    Where to run Kubernetes

    Summary

    Further reading

    Part 2: Next 15 Kubernetes Concepts – Application Strategy and Deployments

    5

    Deploying Kubernetes Apps Like a True Cloud Native

    Technical requirements

    Understanding cloud-native apps

    What’s a cloud-native app?

    Cloud-specific cloud native

    What are microservices?

    Learning about Kubernetes app deployments

    Kubernetes manifests

    Controllers and operators

    Different ways to deploy with higher-level controllers

    Scaling

    Multi-container Pods

    Liveness and readiness probes

    Exploring segregation and namespaces

    Namespaces

    Single tenancy

    Multi-tenancy

    Investigating stateless and stateful apps

    Stateful versus stateless

    Container Storage Interface

    Volumes

    Resource requests and limits

    Upgrading Kubernetes apps

    Types of upgrades

    What happens to an app being upgraded?

    Rolling updates

    Rollbacks

    Summary

    Further reading

    6

    Kubernetes Deployment – Same Game, Next Level

    Technical requirements

    Getting to know Helm charts and Kustomize

    Why think about deployment methods for manifests?

    Helm charts

    Kustomize

    Deploying with CI/CD and GitOps

    What is CI/CD?

    Using CI/CD for Kubernetes deployments

    What is GitOps?

    Using GitOps for automated deployments

    Production use cases for CI/CD and GitOps

    Troubleshooting application deployments

    Troubleshooting Pods

    Troubleshooting Services

    Troubleshooting Deployments

    Service meshes and Ingresses

    Why Ingress?

    Why service meshes?

    Summary

    Further reading

    Part 3: Final 15 Kubernetes Concepts – Security and Monitoring

    7

    Kubernetes Monitoring and Observability

    Technical requirements

    How is monitoring different than observability?

    What’s monitoring?

    What’s observability?

    Monitoring versus observability examples

    Monitoring and observability tools for Kubernetes

    The Kubernetes Dashboard

    Azure Monitor

    AWS Container Insights

    Grafana/Prometheus

    Observability practices

    Logging

    Metrics

    Traces

    Monitoring Kubernetes resources

    Monitoring Pods

    Summary

    Further reading

    8

    Security Reality Check

    Technical requirements

    Out-of-the-box Kubernetes security

    Security breakdown

    Kubernetes security

    Investigating cluster security

    Cluster hardening and benchmarks

    System scanning

    Cluster network security

    Upgrading the Kubernetes API

    Audit logging and troubleshooting

    Understanding RBAC

    What is RBAC?

    Roles and ClusterRoles

    RoleBindings and ClusterRoleBindings

    Kubernetes resource (object) security

    Pod security

    Policy enforcement

    Scanning container images

    Kubernetes Secrets

    Creating Kubernetes Secrets

    Don’t use Kubernetes Secrets

    Summary

    Further reading

    Index

    Other Books You May Enjoy

    Preface

    The idea behind Kubernetes is to make engineers’ lives easier, right? Although true, there are pros and cons to every technology and platform. At the end of the day, Kubernetes does make handling containerization more efficient, but that doesn’t mean that it’s easy. Many organizations and engineers put in a lot of effort to truly get Kubernetes running the way it should run.

    The goal of this book, and the overall 50 concepts, is to help mitigate some of these headaches. Although one book cannot mitigate every single issue that can occur, or make every single component work the way that it’s supposed to, the overall goal is to help you use Kubernetes in an easier fashion in production, with 50 key pieces ranging from cloud to on-prem to monitoring and security, and everything in between. The world is currently full of content and ways to teach you Kubernetes. This book is to help you make it to the next level.

    Throughout this book, you’ll see everything from creating environments to deploying a service mesh and Kubernetes resources. I won’t lie – a lot of the topics in this book are literally books in themselves. Because of that, the explanations and overall pieces had to be trimmed down a bit. As a result, you may not find all of the answers in this book, but it’ll give you an extremely good place to start your Kubernetes production journey.

    With the 50 concepts in mind, you should be able to take what you learn here and ultimately expand on it in your production environment. Take what you learn, apply it, and ultimately, know which direction to go in to learn more about the concepts.

    Who this book is for

    This book is for the engineer who wants to use Kubernetes in production. Perhaps you’ve just learned the basics and beginner-level information about Kubernetes, and you’re now ready to make it to the next level. Maybe you’re getting ready to implement Kubernetes in production or test out containerized workloads for your environment. In either case, you can use this book as a source to showcase what you should be thinking about in production.

    Think about this book as almost a guide. There’s theory, hands-on sections, and actual code that works from start to finish to create and deploy Kubernetes resources. As mentioned in the preface, this book can’t cover every single topic in depth, as many of the topics are books within themselves, but you can use it as a guide to deploy to production.

    What this book covers

    Chapter 1, Kubernetes in Today’s World, goes over, from a theoretical perspective, how you should think about Kubernetes in the current ecosystem – things such as why it’s important, what the whole idea of cloud native means, and what containerization as a whole is doing for engineers.

    Chapter 2, Getting the Ball Rolling with Kubernetes and the Top Three Cloud Platforms, hits the ground running with cluster deployments. You’ll learn how to deploy Kubernetes clusters in Azure, AWS, and GCP. You’ll see how to deploy the clusters both from a UI/GUI perspective and with code. This chapter uses Terraform for Infrastructure as Code (IaC), as that’s currently the most popular method in production.

    Chapter 3, Running Kubernetes with Other Cloud Pals, teaches you how to deploy the top three most popular managed Kubernetes services. However, that doesn’t mean those are the only methods. In this chapter, you’ll see a few more popular options that are used in production but are mostly used for testing production workloads, as they’re a bit cheaper from a cost perspective.

    In today’s cloud-centric world, a lot of technical marketing and content that you see on social media doesn’t talk about on-prem. The reality is that on-prem, and especially on-prem Kubernetes clusters, is still very much a thing. In Chapter 4, The On-Prem Kubernetes Reality Check, you’ll learn how to think about on-prem from a theoretical perspective, along with a bit of hands-on work.

    Chapter 5, Deploying Kubernetes Apps Like a True Cloud Native, starts your journey into deploying applications to the cloud. In the first few chapters, you learned about cluster management, which is drastically important but only one half of the puzzle. The second piece of the puzzle is actual Kubernetes resource deployment.

    Starting off where you left off in the previous chapter, Chapter 6, Kubernetes Deployment – Same Game, Next Level, takes Kubernetes resource deployments to the next level. You’ll be introduced to concepts such as CI/CD, GitOps, and service mesh deployments. This is considered the advanced piece of Kubernetes resource deployments, which you’ll see a lot of in production.

    Up until this point in the book, you’ve learned how to deploy and manage clusters and applications. Once clusters and apps are deployed, you then need to confirm that they’re running as expected. That’s where observability and monitoring come into play, which we will look at in Chapter 7, Kubernetes Monitoring and Observability.

    To wrap up any Kubernetes production deployment, you need to think about one major element before any resource reaches production – security. Security is the make or break between a successful environment and a long weekend of putting out fires. In Chapter 8, Security Reality Check, you’ll learn the major components to secure a Kubernetes environment and a few key tools and platforms that you can use to make it happen.

    To get the most out of this book

    This book is a healthy combination of theory and hands-on. The reason for this is that theory is great, but if you don’t know how to implement it, it’s not going to be much use to you in production. To follow along with this book, you should have access to the major clouds, a few VMs, and perhaps a few dollars to spend on the environments.

    If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

    Download the example code files

    You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/50-Kubernetes-Concepts-Every-DevOps-Engineer-Should-Know. If there’s an update to the code, it will be updated in the GitHub repository.

    We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

    Download the color images

    We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/FQMAS.

    Conventions used

    There are a number of text conventions used throughout this book.

    Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system.

    A block of code is set as follows:

    terraform {
      required_providers {
        azurerm = {
          source = "hashicorp/azurerm"
        }
      }
    }

    When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

    variable "name" {
      type    = string
      default = "aksenvironment01"
    }

    Any command-line input or output is written as follows:

    sudo systemctl daemon-reload
    sudo systemctl enable crio --now

    Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: Select System info from the Administration panel.

    Tips or important notes

    Appear like this.

    Get in touch

    Feedback from our readers is always welcome.

    General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

    Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

    Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

    If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

    Share Your Thoughts

    Once you’ve read 50 Kubernetes Concepts Every DevOps Engineer Should Know, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

    Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

    Download a free PDF copy of this book

    Thanks for purchasing this book!

    Do you like to read on the go but are unable to carry your print books everywhere?

    Is your eBook purchase not compatible with the device of your choice?

    Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

    Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

    The perks don’t stop there: you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

    Follow these simple steps to get the benefits:

    Scan the QR code or visit the link below

    https://packt.link/free-ebook/9781804611470

    Submit your proof of purchase

    That’s it! We’ll send your free PDF and other benefits to your email directly

    Part 1: First 20 Kubernetes Concepts – In and Out of the Cloud

    When engineers first dive into Kubernetes, it can almost feel like a tool of sorts. You use it to run and deploy containers. However, that’s not the case. Kubernetes in itself is a platform. It’s almost like a subset of a methodology to run containers. Kubernetes, among many other platforms, is why the whole platform engineer title is becoming so popular. The DevOps space is moving away from thinking about just tools and focusing on the entire platform and environment.

    With different platforms comes the question – where do you run it? The first set of concepts in the 50 concepts will be explained here with the overall architecture of Kubernetes.

    Kubernetes is something that’s heavily utilized in the cloud, but it’s also heavily utilized on-premises. An example of this is certain regulatory requirements. I was recently chatting with a colleague that works in the defense space. Because of the obvious heavy security requirements that they have, along with the need to stay as close to certain areas as possible, using
