Kubernetes in Action, Second Edition you own this product

Marko Lukša, Kevin Conner

MEAP began February 2020
Last updated September 2025
Publication in December 2025 (estimated)

ISBN 9781617297618
704 pages (estimated)

Included with a Manning Online subscription

printed in black & white

available in Korean, Simplified Chinese

catalog / Software Development / Cloud / Containerization / Kubernetes

table of content

PART 1: GETTING STARTED WITH KUBERNETES

1 Introducing Kubernetes

1.1 Introducing Kubernetes

1.1.1 Kubernetes in a nutshell

1.1.2 About the Kubernetes project

1.1.3 Understanding why Kubernetes is so popular

1.2 Understanding Kubernetes

1.2.1 Understanding how Kubernetes transforms a computer cluster

1.2.2 The benefits of using Kubernetes

1.2.3 The architecture of a Kubernetes cluster

1.2.4 How Kubernetes runs an application

1.3 Introducing Kubernetes into your organization

1.3.1 Running Kubernetes on-premises and in the cloud

1.3.2 To manage or not to manage Kubernetes yourself

1.3.3 Using vanilla or extended Kubernetes

1.3.4 Should you even use Kubernetes?

1.4 Summary

2 Understanding Containers and Containerized Applications

2.1 Introducing containers

2.1.1 Comparing containers to virtual machines

2.1.2 Introducing the Docker container platform

2.1.3 Installing Docker and running a Hello World container

2.1.4 Introducing the Open Container Initiative and Docker alternatives

2.2 Deploying the Kubernetes in Action Demo Application (Kiada)

2.2.1 Introducing the Kiada Application

2.2.2 Building the application

2.2.3 Running the container

2.2.4 Distributing the container image

2.2.5 Stopping, resuming, and deleting the container

2.3 Understanding containers

2.3.1 Customizing the process environment with Kernel Namespaces

2.3.2 Exploring the environment of a running container

2.3.3 Limiting the resources available to a process using cgroups

2.3.4 Strengthening isolation between containers

2.4 Summary

3 Deploying Your First Application on Kubernetes

3.1 Deploying a Kubernetes cluster

3.1.1 Using the built-in Kubernetes cluster in Docker Desktop

3.1.2 Running a local cluster using Minikube

3.1.3 Running a local cluster using kind (Kubernetes in Docker)

3.1.4 Creating a managed cluster with Google Kubernetes Engine

3.1.5 Creating a cluster using Amazon Elastic Kubernetes Service

3.1.6 Deploying a multi-node cluster from scratch

3.2 Interacting with Kubernetes

3.2.1 Setting up kubectl - the Kubernetes command-line client

3.2.2 Configuring kubectl to use a specific Kubernetes cluster

3.2.3 Using kubectl

3.2.4 Interacting with Kubernetes through web dashboards

3.3 Running your first application on Kubernetes

3.3.1 Deploying your application

3.3.2 Exposing your application to the world

3.3.3 Horizontally scaling the application

3.3.4 Understanding the deployed application

3.4 Summary

4 Navigating the Kubernetes API and Object Model

4.1 Getting familiar with the Kubernetes API

4.1.1 Introducing the API

4.1.2 Understanding the structure of an object manifest

4.2 Examining an object’s individual properties

4.2.1 Exploring the full manifest of a Node object

4.2.2 Understanding individual object fields

4.2.3 Understanding an object’s status conditions

4.2.4 Inspecting objects using the kubectl describe command

4.3 Observing cluster events via Event objects

4.3.1 Introducing the Event object

4.3.2 Examining the YAML of the Event object

4.4 Summary

PART 2: RUNNING APPLICATIONS ON KUBERNETES

5 Running Applications with Pods

5.1 Understanding pods

5.1.1 Understanding the purpose of pods

5.1.2 Organizing containers into pods

5.2 Creating pods from YAML or JSON files

5.2.1 Creating a YAML manifest for a pod

5.2.2 Creating the Pod object from the YAML file

5.2.3 Checking the newly created pod

5.3 Interacting with the application and the pod

5.3.1 Sending requests to the application in the pod

5.3.2 Viewing application logs

5.3.3 Attaching to a running container

5.3.4 Executing commands in running containers

5.3.5 Copying files to and from containers

5.3.6 Debugging pods using ephemeral containers

5.4 Running multiple containers in a pod

5.4.1 Extending the Kiada Node.js application using the Envoy proxy

5.4.2 Adding Envoy proxy to the pod

5.4.3 Interacting with the two-container pod

5.5 Running additional containers at pod startup

5.5.1 Introducing init containers

5.5.2 Adding init containers to a pod

5.5.3 Inspecting init containers

5.5.4 Kubernetes-native sidecar containers

5.6 Deleting pods and other objects

5.6.1 Deleting a pod by name

5.6.2 Deleting objects defined in manifest files

5.6.3 Deleting all pods

5.6.4 Deleting objects using the “all” keyword

5.7 Summary

6 Managing the Pod Lifecycle and Container Health

6.1 Understanding the pod’s status

6.1.1 Understanding the pod phase

6.1.2 Understanding pod conditions

6.1.3 Understanding the container status

6.2 Keeping containers healthy

6.2.1 Understanding container auto-restart

6.2.2 Checking the container’s health using liveness probes

6.2.3 Creating an HTTP GET liveness probe

6.2.4 Observing the liveness probe in action

6.2.5 Using the exec and the tcpSocket liveness probe types

6.2.6 Using a startup probe when an application is slow to start

6.2.7 Creating effective liveness probe handlers

6.3 Executing actions at container start-up and shutdown

6.3.1 Using post-start hooks to perform actions when the container starts

6.3.2 Using pre-stop hooks to run a process just before the container terminates

6.4 Understanding the pod lifecycle

6.4.1 Understanding the initialization stage

6.4.2 Understanding the run stage

6.4.3 Understanding the termination stage

6.4.4 Visualizing the full lifecycle of the pod’s containers

6.5 Summary

7 Organizing Pods and Other Resources using Namespaces and Labels

7.1 Organizing objects into Namespaces

7.1.1 Listing namespaces and the objects they contain

7.1.2 Creating namespaces

7.1.3 Managing objects in other namespaces

7.1.4 Understanding the (lack of) isolation between namespaces

7.1.5 Deleting namespaces

7.2 Organizing Pods with labels

7.2.1 Introducing labels

7.2.2 Adding labels to Pods

7.2.3 Label syntax rules

7.2.4 Using standard label keys

7.3 Filtering objects with label selectors

7.3.1 Using label selectors for object management with kubectl

7.3.2 Using label selectors in object manifests

7.4 Filtering objects with field selectors

7.4.1 Using a field selector in kubectl

7.4.2 Using field selectors in object manifests

7.5 Annotating objects

7.5.1 Introducing object annotations

7.5.2 Adding annotations to objects

7.5.3 Inspecting an object’s annotations

7.5.4 Updating and removing annotations

7.6 Summary

PART 3: MANAGING APPLICATION CONFIGURATION AND STORAGE

8 Configuring Applications with ConfigMaps and Secrets

8.1 Setting the command, arguments, and environment variables

8.1.1 Setting the command and arguments

8.1.2 Setting environment variables in a container

8.2 Using a ConfigMap to decouple configuration from the Pod manifest

8.2.1 Introducing ConfigMaps

8.2.2 Creating a ConfigMap object

8.2.3 Injecting ConfigMap values into environment variables

8.2.4 Updating and deleting ConfigMaps

8.3 Using Secrets to pass sensitive data to containers

8.3.1 Introducing Secrets

8.3.2 Creating a Secret

8.3.3 Using Secrets in containers

8.3.4 Understanding why Secrets aren’t always secure

8.4 Exposing metadata to containers via the Downward API

8.4.1 Introducing the Downward API

8.4.2 Injecting Pod metadata into environment variables

8.5 Summary

9 Adding Volumes for Storage, Configuration, and Metadata

9.1 Introducing volumes

9.1.1 Understanding when to use a volume

9.1.2 Understanding how volumes fit into pods

9.2 Using an emptyDir volume

9.2.1 Persisting files across container restarts

9.2.2 Initializing an emptyDir volume

9.2.3 Sharing files between containers

9.3 Mounting a container image as a volume

9.3.1 Introducing the image volume type

9.4 Accessing files on the worker node’s filesystem

9.4.1 Introducing the hostPath volume

9.4.2 Using a hostPath volume

9.5 ConfigMap, Secret, Downward API, and Projected volumes

9.5.1 Using a configMap volume to expose ConfigMap entries as files

9.5.2 How configMap volumes work

9.5.3 Using Secret volumes

9.5.4 Setting file permissions and ownership in a secret/configMap volume

9.5.5 Using a downwardAPI volume to expose pod metadata as files

9.5.6 Using projected volumes to combine volumes into one

9.6 Other volume types at a glance

9.7 Summary

10 Persisting Data with PersistentVolumes

10.1 Introducing persistent storage in Kubernetes

10.1.1 Introducing PersistentVolumeClaims and PersistentVolumes

10.1.2 Dynamic vs. Static provisioning of PersistentVolumes

10.2 Dynamically provisioning a PersistentVolume

10.2.1 Creating a PersistentVolumeClaim

10.2.2 Using PersistentVolumeClaims

10.2.3 Deleting a PersistentVolumeClaim and PersistentVolume

10.2.4 Understanding access modes

10.2.5 Understanding StorageClasses

10.2.6 About CSI drivers

10.3 Statically provisioning a PersistentVolume

10.3.1 Creating a node-local PersistentVolume

10.3.2 Claiming a pre-provisioned PersistentVolume

10.3.3 Releasing and recycling a manually provisioned PersistentVolume

10.4 Managing PersistentVolumes

10.4.1 Resizing PersistentVolumeClaims

10.4.2 Creating a snapshot of a PersistentVolumeClaim

10.4.3 Restoring a PersistentVolume from a snapshot

10.5 Creating ephemeral PersistentVolumes for individual Pods

10.5.1 Introducing the ephemeral volume type

10.5.2 Understanding the benefits of using an ephemeral volume

10.6 Summary

PART 4: CONNECTING AND EXPOSING APPLICATIONS

11 Exposing Pods with Services

11.1 Exposing pods via services

11.1.1 Introducing services

11.1.2 Creating and updating services

11.1.3 Accessing cluster-internal services

11.2 Exposing services externally

11.2.1 Exposing pods through a NodePort service

11.2.2 Exposing a service through an external load balancer

11.2.3 Configuring the external traffic policy for a service

11.3 Managing service endpoints

11.3.1 Introducing the Endpoints object

11.3.2 Introducing the EndpointSlice object

11.3.3 Managing service endpoints manually

11.4 Understanding DNS records for Service objects

11.4.1 Inspecting a service’s A and SRV records in DNS

11.4.2 Using headless services to connect to pods directly

11.4.3 Creating a CNAME alias for an existing service

11.5 Configuring services to route traffic to nearby endpoints

11.5.1 Forwarding traffic only within the same node with internalTrafficPolicy

11.5.2 Topology-aware hints

11.6 Managing the inclusion of a pod in service endpoints

11.6.1 Introducing readiness probes

11.6.2 Adding a readiness probe to a pod

11.6.3 Implementing real-world readiness probes

11.7 Summary

12 Using Ingress to Route Traffic to Services

12.1 Introducing Ingresses

12.1.1 Introducing the Ingress object kind

12.1.2 Introducing the Ingress controller and the reverse proxy

12.1.3 Installing an ingress controller

12.2 Creating and using Ingress objects

12.2.1 Exposing a service through an Ingress

12.2.2 Path-based ingress traffic routing

12.2.3 Using multiple rules in an Ingress object

12.2.4 Setting the default backend

12.3 Configuring TLS for an Ingress

12.3.1 Configuring the Ingress for TLS passthrough

12.3.2 Terminating TLS at the ingress

12.4 Additional Ingress configuration options

12.4.1 Configuring the Ingress using annotations

12.4.2 Configuring the Ingress using additional API objects

12.5 Using multiple ingress controllers

12.5.1 Introducing the IngressClass object kind

12.5.2 Specifying the IngressClass in the Ingress object

12.5.3 Adding parameters to an IngressClass

12.6 Using custom resources instead of services as backends

12.6.1 Using a custom object to configure Ingress routing

12.7 Summary

13 Routing Traffic using the Gateway API

13.1 Introducing the Gateway API

13.1.1 Comparing Gateway API to Ingress

13.1.2 Understanding the Gateway API implementation

13.1.3 Deploying Istio as the Gateway API provider

13.2 Deploying a Gateway

13.2.1 Understanding gateway classes

13.2.2 Creating a Gateway object

13.2.3 Exploring the Gateway’s status

13.3 Exposing HTTP services using HTTPRoute

13.3.1 Creating a simple HTTPRoute

13.3.2 Splitting traffic between multiple backends

13.3.3 Routing HTTP requests to different backends

13.3.4 Augmenting HTTP traffic with filters

13.4 Configuring a gateway for TLS

13.4.1 Terminating TLS sessions at the Gateway

13.4.2 End-to-end encryption using TLSRoutes and pass-through TLS

13.5 Exposing other types of Services

13.5.1 Exposing a TCP service with a TCPRoute

13.5.2 UDPRoute

13.5.3 GRPCRoute

13.6 Using Gateway API resources across Namespaces

13.6.1 Sharing a Gateway across Namespaces

13.6.2 Routing to a Service in a different Namespace

13.7 From ingress gateways to service mesh

13.8 Summary

PART 5: MANAGING APPLICATIONS WITH CONTROLLERS

14 Scaling and Maintaining Pods with ReplicaSets

14.1 Introducing ReplicaSets

14.1.1 Creating a ReplicaSet

14.1.2 Inspecting a ReplicaSet and its Pods

14.1.3 Understanding Pod ownership

14.2 Updating a ReplicaSet

14.2.1 Scaling a ReplicaSet

14.2.2 Updating the Pod template

14.3 Understanding the operation of the ReplicaSet controller

14.3.1 Introducing the reconciliation control loop

14.3.2 Understanding how the ReplicaSet controller reacts to Pod changes

14.3.3 Removing a Pod from the ReplicaSet’s control

14.4 Deleting a ReplicaSet

14.4.1 Deleting a ReplicaSet and all associated Pods

14.4.2 Deleting a ReplicaSet while preserving the Pods

14.5 Summary

15 Automating Application Updates with Deployments

15.1 Introducing Deployments

15.1.1 Creating a Deployment

15.1.2 Scaling a Deployment

15.1.3 Deleting a Deployment

15.2 Updating a Deployment

15.2.1 The Recreate strategy

15.2.2 The RollingUpdate strategy

15.2.3 Configuring how many Pods are replaced at a time

15.2.4 Pausing the rollout process

15.2.5 Updating to a faulty version

15.2.6 Rolling back a Deployment

15.3 Implementing other deployment strategies

15.3.1 The Canary deployment strategy

15.3.2 The A/B strategy

15.3.3 The Blue/Green strategy

15.3.4 Traffic shadowing

15.4 Summary

16 Handling Stateful Applications with StatefulSets

16.1 Introducing StatefulSets

16.1.1 Understanding stateful workload requirements

16.1.2 Comparing StatefulSets with Deployments

16.1.3 Creating a StatefulSet

16.1.4 Inspecting the StatefulSet, Pods, and PersistentVolumeClaims

16.1.5 Understanding the role of the headless Service

16.2 Understanding StatefulSet behavior

16.2.1 Understanding how a StatefulSet replaces missing Pods

16.2.2 Understanding how a StatefulSet handles node failures

16.2.3 Scaling a StatefulSet

16.2.4 Changing the PersistentVolumeClaim retention policy

16.2.5 Using the OrderedReady Pod management policy

16.3 Updating a StatefulSet

16.3.1 Using the RollingUpdate strategy

16.3.2 RollingUpdate with partition

16.3.3 OnDelete strategy

16.4 Managing stateful applications with Kubernetes Operators

16.4.1 Deploying the MongoDB community operator

16.4.2 Deploying MongoDB via the operator

16.4.3 Cleaning up

16.5 Summary

17 Deploying Per-Node Workloads with DaemonSets

17.1 Introducing DaemonSets

17.1.1 Understanding the DaemonSet object

17.1.2 Deploying Pods with a DaemonSet

17.1.3 Deploying to a subset of Nodes with a node selector

17.1.4 Updating a DaemonSet

17.1.5 Deleting the DaemonSet

17.2 Special features in Pods running node agents and daemons

17.2.1 Giving containers access to the OS kernel

17.2.2 Accessing the node’s filesystem

17.2.3 Using the node’s network and other namespaces

17.2.4 Marking daemon Pods as critical

17.3 Communicating with the local daemon Pod

17.3.1 Binding directly to a host port

17.3.2 Using the node’s network stack

17.3.3 Using a local Service

17.4 Summary

18 Batch Processing with Jobs and CronJobs

18.1 Running tasks with the Job resource

18.1.1 Introducing the Job resource

18.1.2 Running a task multiple times

18.1.3 Understanding how Job failures are handled

18.1.4 Parameterizing Pods in a Job

18.1.5 Running Jobs with a work queue

18.1.6 Communication between Job Pods

18.1.7 Sidecar containers in Job pods

18.2 Scheduling Jobs with CronJobs

18.2.1 Creating a CronJob

18.2.2 Configuring the schedule

18.2.3 Suspending and resuming a CronJob

18.2.4 Automatically removing finished Jobs

18.2.5 Setting a start deadline

18.2.6 Handling Job concurrency

18.2.7 Deleting a CronJob and its Jobs

18.3 Summary

Overview

1 Introducing Kubernetes

This chapter sets the stage for learning Kubernetes by explaining the problems it solves, where it came from, and how it changes the way you build and run applications.

Origins and motivation

Kubernetes emerged from Google’s experience operating large-scale, containerized workloads (inspired by internal systems like Borg and Omega). It addresses the operational challenges that arise once you adopt containers broadly: scheduling containers onto machines, handling failures, exposing services reliably, scaling up and down, rolling out changes safely, and keeping the actual system aligned with a declared desired state.

Why Kubernetes has seen wide adoption

Portability and consistency across environments (laptop, on-prem, cloud) via containers and declarative APIs.
Resilience and self-healing through automatic restarts, rescheduling, and replication.
Scalability via horizontal scaling and efficient bin packing across a cluster.
Operational velocity with rolling updates, rollbacks, and automation-friendly workflows.
Rich ecosystem and extensibility (open source community, controllers, operators, add-ons).

How Kubernetes transforms your data center

Abstracts a fleet of machines into a single, shared, multi-tenant cluster, turning infrastructure into a programmable platform.
Shifts operations from imperative scripts to declarative configuration and reconciliation loops.
Encourages microservices, immutable artifacts, and GitOps-style delivery, improving repeatability and auditability.
Standardizes cross-cutting concerns (discovery, config, secrets, autoscaling) and promotes automation over ticket-driven operations.

Architecture and operation overview

Kubernetes is a control-plane-driven system with a clear separation between desired state and actual state:

Control plane: API server (front door and state machine), a strongly consistent store (etcd), the scheduler (assigns pods to nodes), and controllers (reconcile objects to their desired state).
Nodes: run workloads via a container runtime; kubelet ensures pods on the node match what the API declares; kube-proxy handles service-level networking.
Core API objects: Pods (smallest deployable unit), Deployments and ReplicaSets (versioning and scaling), Services (stable networking), Namespaces (multi-tenancy), ConfigMaps and Secrets (configuration), plus Jobs, CronJobs, DaemonSets, and more.
Operation model: you submit declarative manifests; controllers continuously compare desired state to reality and act to converge the system (scheduling, rescheduling, restarting, scaling, and updating).

Integrating Kubernetes into your organization

Assess fit: Kubernetes shines for many services, microservices, and teams needing portability and automation; for small, simple apps, a PaaS or serverless platform may suffice.
Start pragmatic: begin with a pilot, prefer managed Kubernetes where possible, and adopt incremental patterns (namespaces, RBAC, resource quotas).
Evolve delivery: standardize on container images, CI/CD pipelines, declarative manifests, and progressive delivery (rolling updates, canaries).
Prepare foundations: observability (logs/metrics/traces), policy and security (admission controls, secrets management), and cost/efficiency practices (autoscaling, requests/limits).

Key takeaways

Kubernetes provides a consistent, declarative control plane for deploying and operating containers at scale.
Its reconciliation-driven model, extensibility, and ecosystem underpin its broad adoption.
Adopting Kubernetes is as much an organizational and process shift as it is a technical one—start small, automate relentlessly, and build platform capabilities over time.

1.1 Introducing Kubernetes

Kubernetes, named after the Greek word for helmsman, is designed to steer applications while you set the destination. It automates deployment, scaling, and day-to-day operations for containerized workloads so teams can focus on business logic rather than infrastructure details.

How to pronounce and shorthand

Common pronunciations include “Koo-ber-netties” and “Koo-ber-nay-tace.”
Often referred to as Kube or K8s (“Kates”), where 8 is the count of omitted letters.

Kubernetes in a nutshell

Abstracts away infrastructure: Applications are deployed to Kubernetes, not to individual machines, hiding servers, networks, and other components behind a consistent interface.
Standardizes deployment: The same manifest can target on-premises and any cloud; Kubernetes bridges environment differences so teams deploy uniformly everywhere.
Declarative model: You describe the desired state of your application; Kubernetes realizes and continuously reconciles the running system to match that description, applying changes automatically when manifests are updated.
Automated operations: Handles restarts, rescheduling on hardware failures, and adapts to topology changes, freeing engineers to focus on higher-level concerns.

About the Kubernetes project

Origins at Google: Built from experience running containers at massive scale (thousands of machines, global data centers), where automation is indispensable.
Predecessors: Internal systems Borg and Omega enabled efficient development, operation, and high infrastructure utilization—critical at large scale.
Open source since 2014: Rapidly adopted and co-developed by many organizations and thousands of contributors; now one of the leading open-source projects.
Enterprise offerings: Numerous commercial distributions (e.g., OpenShift, PKS, Rancher) package Kubernetes for production use.
Cloud-native ecosystem: Sparked a wide ecosystem under the CNCF and large global conferences, reflecting broad industry impact and adoption.

Note

Estimates of Google’s energy use suggest operation of around 900,000 servers.

Why Kubernetes is so popular

Microservices at scale: Breaking monoliths into many services increases operational complexity. Containers isolate dependencies, but multiply units to manage. Kubernetes automates deployment, scaling, communication, and resilience across hundreds of services.
DevOps alignment: Developers and operators collaborate across the software lifecycle; Kubernetes shields teams from low-level infrastructure while enabling shared operational responsibility.
Cloud standardization: By targeting Kubernetes APIs instead of cloud-specific ones, organizations reduce lock-in and can move workloads more easily across providers. Major clouds offer first-class Kubernetes support, making a single operational model portable.

1.2 Understanding Kubernetes

1.2.1 Understanding how Kubernetes transforms a computer cluster

Kubernetes is like an operating system for computer clusters

Kubernetes acts as the cluster’s operating system: it schedules distributed application components across machines and provides a uniform interface between apps and the underlying infrastructure. Developers offload cross-cutting concerns to Kubernetes and focus on business logic.

Service discovery
Horizontal scaling
Load balancing
Self-healing (restart and reschedule on failures)
Leader election

How Kubernetes fits into a computer cluster

Clusters are split into master (Control Plane) and worker (Workload Plane) nodes. The Control Plane manages and controls the cluster; worker nodes run application workloads. Production-grade, highly available clusters replicate Control Plane components across at least three masters.

How all cluster nodes become one large deployment area

After installation, all worker nodes form a single logical deployment surface. You deploy to the cluster via the Kubernetes API without choosing specific machines. Kubernetes may move workloads between nodes to maintain health and optimize placement. Each workload instance must still fit within a single node’s resources.

1.2.2 The benefits of using Kubernetes

Self-service deployment of applications

Developers can deploy without coordinating with administrators. Kubernetes selects suitable nodes based on resource requirements and availability.

Reducing costs via better infrastructure utilization

Kubernetes efficiently packs workloads and can relocate them to free capacity for others, improving hardware utilization and reducing costs.

Automatically adjusting to changing load

Kubernetes scales applications horizontally based on metrics and, on cloud platforms, can also scale the cluster itself by adding nodes.

Keeping applications running smoothly

Kubernetes automatically restarts failed processes and reschedules workloads off failed nodes, reducing operational toil and enabling calm incident response.

Simplifying application development

Built-in primitives replace custom infrastructure code (discovery, leader election, config, etc.). Apps can stay Kubernetes-agnostic yet optionally query or modify their environment via the API.

1.2.3 The architecture of a Kubernetes cluster

A Kubernetes cluster comprises:

Control Plane on master nodes: the system’s brain, managing desired and current state
Workload Plane on worker nodes: where application workloads run

Control Plane components

API Server: exposes the Kubernetes REST API
etcd: distributed datastore for cluster state (accessed only by the API Server)
Scheduler: assigns workloads to worker nodes
Controllers: reconcile objects to desired state; some interface with external systems

The Control Plane defines and maintains state; it does not run your application processes.

Worker node components

Kubelet: node agent that manages local workloads and reports status
Container Runtime: runs containers (Docker or any compatible runtime)
Kube Proxy: provides in-cluster service networking and load balancing

Add-on components

Common add-ons include DNS, network plugins, and logging agents, typically running on workers (optionally masters).

1.2.4 How Kubernetes runs an application

Defining your application

Everything is an API object. You define applications with manifests (YAML or JSON) that specify deployments, replicas, services, and more.

YAML: human-readable serialization format
JSON: widely used data-interchange format

End-to-end workflow

You submit manifests (often via kubectl) to the API Server.
The API Server validates and persists objects to etcd and notifies interested components.
Controllers create lower-level objects (e.g., per-instance objects) to realize the desired state.
The Scheduler assigns each instance to a suitable worker node.
The Kubelet on the chosen node starts containers via the Container Runtime and keeps them healthy.
Kube Proxy configures networking to expose services and load-balance across instances.
Controllers and Kubelets continuously reconcile and heal the system, rescheduling on node failures and restarting crashed processes.

Treat this as a conceptual overview; later chapters detail each object type and the controllers that reconcile them.

1.3 Introducing Kubernetes into your organization

This section outlines practical choices for adopting Kubernetes: where to run it (on-premises, in the cloud, or hybrid), whether to manage it yourself or use a managed service, which distribution to choose (vanilla vs enterprise), and how to decide if Kubernetes is appropriate for your workloads right now.

1.3.1 Running Kubernetes on-premises and in the cloud

On-premises: Often required by regulation; can run on bare metal or local VMs. Scaling capacity is constrained by your data center resources and is less elastic than cloud-based clusters.
Cloud: Highly elastic. Kubernetes can request more or fewer virtual machines to match workload demand, improving responsiveness and controlling costs.
Hybrid/multi-cloud: Run primarily on-premises and burst to the cloud during peaks, or span multiple providers/locations. Offers flexibility and cost control at the expense of added complexity.

1.3.2 To manage or not to manage Kubernetes yourself

Self-managed: Operating production-grade clusters is complex and risky without deep expertise. Suitable for learning and non-production, but consult experienced practitioners before committing to run it yourself.
Managed services: Using Kubernetes is far easier than managing it. Major clouds provide managed offerings (e.g., GKE, AKS, EKS, IBM Cloud, OpenShift Online/Dedicated, VMware Cloud PKS, Alibaba ACK) so you focus on the Kubernetes API while the provider operates the control plane. Early exercises in the book use local development and a managed GKE cluster; later chapters build foundational ops knowledge.

1.3.3 Using vanilla or extended Kubernetes

Vanilla (upstream): Community-driven, cutting-edge, but may be less stable and lacks strong secure defaults; requires significant tuning for production.
Enterprise distributions: Products like OpenShift and Rancher harden defaults, add features (such as user management objects) and curated tooling for common apps. They typically trail upstream by one or two versions, but the added security, performance, and operability often justify the lag.

1.3.4 Should you even use Kubernetes?

Need for orchestration: Monoliths don’t benefit. Very small microservice systems (≈<5 services) may not justify the overhead; larger systems (≈>20 services) usually do. In-between depends on context.
Learning investment: Even if operators run Kubernetes, developers will spend time learning and interacting with it.
Short-term costs: Expect higher initial spend on training, hiring, tooling, possible hardware, and cluster overhead before long-term efficiencies appear.
Hype check: Evaluate objectively; don’t adopt solely because it’s popular.

With these trade-offs in mind, the chapter invites you to step aboard and examine containers next.

1.4 Summary

Kubernetes is Greek for helmsman. As a ship’s captain oversees the ship while the helmsman steers it, you oversee your computer cluster, while Kubernetes performs the day-to-day management tasks. Kubernetes is pronounced koo-ber-netties. Kubectl, the Kubernetes command-line tool, is pronounced kube-control. Kubernetes is an open-source project built upon Google’s vast experience in running applications on a global scale. Thousands of individuals now contribute to it. Kubernetes uses a declarative model to describe application deployments. After you provide a description of your application to Kubernetes, it brings it to life. Kubernetes is like an operating system for the cluster. It abstracts the infrastructure and presents all computers in a data center as one large, contiguous deployment area. Microservice-based applications are more difficult to manage than monolithic applications. The more microservices you have, the more you need to automate their management with a system like Kubernetes. Kubernetes helps both development and operations teams to do what they do best. It frees them from mundane tasks and introduces a standard way of deploying applications both on-premises and in any cloud. Using Kubernetes allows developers to deploy applications without the help of system administrators. It reduces operational costs through better utilization of existing hardware, automatically adjusts your system to load fluctuations, and heals itself and the applications running on it. A Kubernetes cluster consists of master and worker nodes. The master nodes run the Control Plane, which controls the entire cluster, while the worker nodes run the deployed applications or workloads, and therefore represent the Workload Plane. Using Kubernetes is simple, but managing it is hard. An inexperienced team should use a Kubernetes-as-a-Service offering instead of deploying Kubernetes by itself.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$55.99 $36.39

you save $19.60 (35%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$55.99 $36.39

you save $19.60 (35%)

eBook

pdf, ePub, online

$55.99 $36.39

you save $19.60 (35%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more