Core Kubernetes
Jay Vyas and Chris Love
  • MEAP began November 2019
  • Publication in Early 2021 (estimated)
  • ISBN 9781617297557
  • 425 pages (estimated)
  • printed in black & white
From its humble beginnings a container orchestration system, Kubernetes has become the de facto infrastructure for cloud native applications. Kubernetes impacts every aspect of the application development lifecycle, from design through deployment. To build and operate reliable cloud native systems, you need to understand what’s going on below the surface. Core Kubernetes is packed with experience-driven insights and practical techniques, and takes you inside Kubernetes to teach you what you’ll need to know to keep your system running like a well-oiled machine and prevent those panicked 3 AM phone calls.

About the Technology

Kuberentes is a platform-independent layer for deploying scalable container-based applications. Kubernetes provides abstractions for clustering, replicating, and scaling system components in real time. It’s especially well-suited for microservices applications, where you can easily balance the load among services. Kubernetes has become a core component of cloud native applications, and all major cloud vendors now offer hosted versions of Kubernetes. Kubernetes was initially developed by Google and is now governed as an open source project by the Cloud Native Computing Foundation (CNCF).

About the book

Core Kubernetes is a reference guide designed to teach operators, SREs, and developers how to improve reliability and performance of Kubernetes-based systems. In it, Kubernetes experts Chris Love and Jay Vyas provide a guided tour through all major aspects of Kubernetes, from managing iptables to setting up dynamically scaled clusters that respond to changes in load. You’ll understand the unique security concerns of container-based applications, discover tips to minimize costly unused capacity, and get pro tips for maximizing performance. This awesome collection of undocumented internals, expert techniques, and practical guidance has invaluable information you won’t find anywhere else.
Table of Contents detailed table of contents

1 Why Kubernetes

1.1 The age of the container

1.1.1 Why Kubernetes Exists: A Simple Application is not so simple

1.2 Kubernetes’ features

1.2.1 An example in scaling an application in Kubernetes

1.3 Kubernetes components and architecture

1.3.1 Kubernetes is a cluster of computers

1.3.2 The Node

1.3.3 Controllers and control loops

1.3.4 What’s in a Node? Kubelet + CNI + CRI

1.3.5 Asynchrony at the heart of Kubernetes

1.3.6 What exactly is a PodSandbox?

1.3.7 The pause container

1.3.8 The control plane

1.3.9 Control plane components

1.4 When to not use Kubernetes or containers in general

1.5 Summary

1.6 Further reading

2 What is a Pod? A brief jaunt into Kubernetes objects

2.1 The anatomy of a Pod

2.2 Deployments, the most common source of Pods

2.3 StatefulSets

2.3.1 ServiceNames, VolumeClaimTemplates, and introspection of Pod IP addresses

2.4 DaemonSets

2.4.1 Kube-proxy and CoreDNS: When you do (and don’t) need a DaemonSet

2.5 Jobs

2.5.1 Job termination and cleanup

2.6 Init Containers

2.6.1 Pods: Taints and tolerations

2.7 Prioritizing Pods

2.8 Setting Cluster Resource Usage: Resource Quotas

2.9 Summary

3 Linux primitives: The basic Linux building blocks

3.1 An example of why primitives matter: Load balancing is still hard

3.2 Namespaces: In Kubernetes and Linux

3.2.1 Isolation and Linux namespaces

3.3 Exploring iptables: A quintessential Linux primitive

3.3.1 Networking: Difference between a kubelet, and a hypervisor

3.3.2 How does iptables relate to my day job?

3.4 Primitives in action: nscenter and socat

3.5 File namespaces

3.5.1 Mount and containers

3.6 BPF: Obviating other primitives over time?

3.6.1 A quick TCPDump Example

3.6.2 Ok, back to BPF (or is it eBPF)?

3.7 Summary

3.8 Further reading

4 Containers, images, and image layers

4.1 Images and Layers

4.2 Open Container Initiative and Image Specification

4.2.1 A few takeaways on images

4.3 Layered filesystems

4.4.1 Docker

4.4.2 Containerd

4.4.3 RunC

4.4.4 CRI-O

4.4.5 LXD/LXC

4.5 Scratch container images and Alpine

4.5.1 Why isn’t everything a scratch image?

4.6 Image layers: Evolving from operating system primitives

4.6.1 Moving copy-on-write out of the operating system

4.7 Summary

4.8 Further reading

5 iptables

5.1 Ethernet devices

5.2 Why iptables?

5.3 iptables and Netfilter

5.3.1 iptables tables

5.3.2 iptables chains

5.3.3 Table and chain relationship

5.3.4 Hacking around with iptables

5.4 How much should I understand about Kubernetes networking?

5.5 A quick aside: kube-proxy and CNI providers

5.5.1 A quick example of how container networking works

5.5.2 Docker without Kubernetes

5.5.3 Kubernetes using the Calico networking plugin

5.6 The Kubernetes chains

5.7 Basic examples

5.7.1 Example 1: Identifying restrictive IP rules

5.7.2 Example 2: Relaxing DROP restrictions

5.7.3 Example 3: Enabling HTTP connection completion

5.7.4 Example 4: Allowing loopback

5.7.5 Example 5: Making iptables into a TCP load balancer

5.8 Summary

5.9 Further Reading

6 Lab: Building Kubernetes

6.1 General Prerequisites for all Labs

6.1.1 Installing Docker

6.1.2 Installing Go

6.1.3 Installing kubectl

6.2 Setting up kind

6.2.1 Installing kind

6.2.2 Verifying the cluster

6.3 Summary

7 Lab: iptables

7.1 Prerequisites

7.2 Running Kubernetes

7.3 Download Manifests

7.4 Running the lab

7.5 Impact

7.6 Follow-ups

7.7 Summary

8 cgroups and systemd slices: Coevolved process management

8.1 A quick example of life without cgroups

8.2 Linux namespaces and cgroups

8.3 How this relates to Kubernetes

8.3.1 cgroups tell us the true nature of a Pod

8.3.2 Systemd provides us with insight into container management

8.4 Pods and cgroups

8.4.1 We told you! cgroups are hierarchical

8.5 cgroups and security

8.6 Allocatable resources

8.6.1 Linux namespaces

8.7 cgroups and Kubernetes in detail

8.7.1 Memory

8.7.2 Huge pages

8.7.3 CPU limits

8.7.4 QoS classes: Why they matter, and how they work

8.7.5 A note about process hierarchies

8.7.6 The Role of Systemd Notify Services in a Kubernetes Cluster

8.8 Summary

8.9 Further Reading

9 Lab: cgroups

9.1 Prerequisites

9.1.1 Running the lab

9.2 Impact

9.3 Follow Ups

9.4 Summary

10 kubelet and CRI

10.1 kubelet and the Node

10.2 Container runtimes: standards and conventions

10.3 Linux primitives + containerd = kubelet

10.4 kubelet in depth

10.4.1 What happens when you start up a kubelet

10.4.2 After startup: Node lifecycle

10.4.3 Leasing and locking in etcd, and the evolution of the node-lease

10.4.4 kubelet’s management of Pod lifecycle

10.5.1 kubelet doesn’t run containers: That is CRI’s job

10.5.2 Pause container: An ah-ha moment

10.6 The Container Runtime Interface

10.6.1 Two options tell Kubernetes where your container runtime lives

10.6.2 The CRI routines

10.6.3 kubelet’s abstraction around CRI: The GenericRuntimeManager

10.6.4 How is the CRI invoked?

10.7 kubelet’s interfaces

10.7.1 The runtime internal interface

10.7.2 How kubelet pulls images

10.7.3 How to give ImagePullSecrets to kubelet

10.8 Summary

10.9 Further reading

11 Diving into the CSI storage implementation

12 Storage implementation and storage modeling

13 Lab: Storage

14 Kubernetes Networking

15 Domain Name Service (DNS)

16 Lab: Grokking DNS

17 Etcd and the Control Plane

18 Lab: Etcd

19 Installing applications

20 Cluster conception

21 Cluster API

22 Lab: Cl2uster API

23 Authentication and authorization

24 Kubernetes Security practices

25 Service Mesh’s: what are they, and how are they different?

26 Informers and Controllers are the heartbeat of a Kubernetes Cluster

27 Scheduling and metrics

28 Advanced devices and scheduling in Kubernetes

29 Kubectl

30 Trust, CFSSL, and Service APIs

What's inside

  • Kubernetes base components
  • Kubernetes networking
  • Storage and the Container Storage Interface
  • External load balancing and ingress
  • Kubernetes security
  • Different ways of creating a Kubernetes cluster
  • Configuring Kubernetes to use a GPU

About the reader

Written for readers with a working knowledge of Kubernetes and microservices applications.

About the authors

After earninghis PhD, Jay Vyas started his career contributing to Kubernetes' core features at RedHat, and next, he focused on helping multiple companies migrate to Cloud-Native solutions. He now resides at VMWare, once again contributing to Kubernetes and associated projects. When not coding, Jay likes to play with his video games, his synthesizers, and hang out in his Pod.

As a thought leader in the Kubernetes and DevOps segment, Chris Love is a founder of multiple technology companies with over 20 years’ experience in software engineering. A Google Cloud Certified Fellow, Chris has contributed to several open-source projects including Kubernetes, Bazel, and Terraform. He enjoys speaking around the world about DevOps and Kubernetes and practices martial arts in his free time.


placing your order...

Don't refresh or navigate away from the page.
Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.
print book $24.99 $59.99 pBook + eBook + liveBook
Additional shipping charges may apply
Core Kubernetes (print book) added to cart
continue shopping
go to cart

eBook $19.99 $47.99 3 formats + liveBook
Core Kubernetes (eBook) added to cart
continue shopping
go to cart

Prices displayed in rupees will be charged in USD when you check out.

FREE domestic shipping on three or more pBooks