Kubernetes (K8S) is the industry standard for deploying, managing, operating container based distributed applications. It is proven in the most demanding production environments in the world. Internet scale companies such as Google, Netflix, EBay and many more depend on Kubernetes to quickly deploy applications and bring product to market faster.
In this bootcamp, we will cover all the essential concepts in Kubernetes. We will go through Kubernetes from the persective of two user personas.
- The Application Engineer that engineers the software solutions deployed to K8S.
- The Platform Engineer that provisions, configures and operates the platform (including cloud services, K8S, CI/CD, databases, message queues, caches, authentication providers, etc) that the Application engineers depends on to bring product to market.
We will also actually deploy a microservice based application to K8S. Using this reference application, we will learn K8S concepts in a more meaningful way - as if you were using K8S to deploy and manage a real application. We will cover scenarios such as:
- Continuous Integration/Continuous Deployment
- Blue/Green deployments
- Deploying multiple versions of your application to perform A/B testing
- Auto-scaling your application to deal with peak traffic demand
- Developing/testing/deploying your application - from your laptop to K8S - with focus on developer productivity
- RBAC (Role Based Access Control) to ensure Production environments are isolated from Dev/Test and QA.
- Many more.
By the end of this 2-day bootcamp, you will learn the following K8S concepts:
- Pods - the unit of deployment on K8S
- Services - how service discovery works in K8S
- Deployments - doing rolling updates, rollbacks, scaling out
- Storage - managing durable state with volumes, persistance volumes and persistent volume claims
- Secrets - externalizing secrets and passwords
- ConfigMaps - externalizing configuration from your applications
- Statefulsets - how to deploy stateful applications
- Jobs
- Daemon Sets
- Ingress and Ingress Controllers - key to controlling how requests originating from outside the cluster is routed to your services
- RBAC - locking down your K8S environment
- Monitoring and log aggregation
- Helm - packaging and deploying your application to K8S
- Setting up your environment
- Kubernetes Architecture
- Key components and what role they serve
- Key K8S resources and their purpose
- Quick overview of Kubernetes networking
- K8S as a dynamic platform and what that means
- The Todo list microservices application overview
- Deploying the application to K8S
- Making a change and doing a rolling-update
- Scaling out the application to deal with increased traffic
- Pods - the unit of deployment in K8S
- Defining the manifest
- What to consider when decomposing your application into pods
- Health checks and CPU, Memory requests and limits
- Services - How do pods find each other?
- Exposing your pods as services
- Using load-balancers and NodePorts to expose your pods to clients outside your cluster
- Accessing services external to your cluster. e.g. Azure CosmosDB service
- Deployments - Deployments enable you to perform rolling upgrades, rollback, and scale up/scale down your services.
- Storage - Volumes, Persistent Volumes, Persistence Volume Claims, Storage Classes.
- ConfigMaps - ConfigMaps enable you to define configuration that is accessible as environment variables, files in a volume or command line arguments.
- Ingress - Customizing the routing your published services.
- Deploying the nginx ingress controller
- Configuring routing to different version of your services
- Introduction to Helm - Package manager for K8S deployments.
- What is it and why you need it
- Deploying the Todo list application using Helm
- Charts and templates
- Sharing your charts
- Daemonsets - Running pods that need to run on all or some nodes continuously e.g. for log aggregation.
- Jobs - Deploying jobs on K8S.
- Statefulsets - Using statefulsets to deploy services that require role differentiation across the cluster. For example, mysql database with master and slaves.
- Advanced Scheduling - Controlling how your pods are scheduled to the nodes.
- Securing your cluster - Controlling access to your K8S cluster.
- K8S authn/authr model
- RBAC
- Roles and Role bindings
- Creating custom roles and role bindings to only allow access to a specific namespace (e.g. qa or dev)
- Pod Security Policies
- Monitoring and Log Aggregation
- Deploying Azure Log Analytics and OMS
- Deploying EFK (Elasticsearch, Fluentd, Kibana) for log aggregation, Prometheus and Grafana for monitoring
- Cluster Administration - Key cluster administration considerations.
- Extending K8S
- We will create our own K8S resource type and implement a custom controller using the "Operator" pattern
- Blue/Green and A/B Testing using Ambassador and Envoy Proxy
- We will deploy different versions of the todo-app to different namespaces then configure Envoy routing rules to route to the desired version
- Brief overview of other K8S tools and projects you should know about:
- Draft - Tool to help developers be productive building/testing applications on K8S
- Skaffold - Similar to Draft but takes different approach. Skaffold also supports multi-component apps which is very nice.
- Minikube - Local single node K8S cluster for development and learning.
- Conduit - A lighweight microservices service mesh that can be deployed to K8S. Provides intelligent load-balancing, telemetry and more!
- kubespray - Deploying K8S using ansible. Can be used to deploy on bare metal, on-premises VMs, various cloud providers.
- Why Kubernetes
- Large-scale cluster management at Google with Borg
- Borg, Omega and Kubernetes
- 12 Factor Application Principles
- Kubernetes Case Studies
- Gremlin - Chaos Engineering for Kubernetes
- Kubernetes in Action - Fantastic book! I use some diagrams and examples from this book.
- Kubernetes: Up And Running. Dive into the Future of Infrastructure - Excellent book by Kelsey Hightower and two of the creators of K8S, Brendan Burns & Joe Beda
- Virtual Kubelet - Virtual Kubelet is an open source project started by Microsoft. Virtual kubelet will enable serverless container runtimes such as Azure Container Instance or Fargate to be visible to a K8S cluster as a node.
- kube-ps1 - displays your current K8S context and namespace in your shell prompt!
- kubens & kubectx - quickly set the working context/namespace!