Monthly Archives: January 2019

Book Review: Managing Kubernetes

So as 2018 comes to a close soon, one fact can be pointed out: Kubernetes is the winner of the container orchestration frameworks “war”, short lived as it was. The popularity of the project is growing steadily and it is being adopted in a variety of businesses, from the small, but technologically adept startup, to large, multi-department enterprises. The “big-three” cloud providers are offering managed Kubernetes versions and there is a steadily growing ecosystem, taking care of various needs that end-users might have. Having said that, this is reflected in the relevant technical literature were most major publishing houses have circulated Kubernetes related books. The focus of these books is usually migrating an application stack to Kubernetes, or Kubernetes basic building blocks. The book chosen for this review is different: it is aimed towards system engineers (or “DevOps” or “SREs” or whatever term/methodology your organization is using) and strives to provide actionable information on managing Kubernetes clusters. Let’s start with a ToC

  • Introduction
  • An Overview of Kubernetes
  • Kubernetes Architecture
  • The Kubernetes API server
  • Scheduler
  • Installing Kubernetes
  • Authentication and User Management
  • Authorization
  • Admission Control
  • Networking
  • Monitoring Kubernetes
  • Disaster Recovery
  • Extending Kubernetes
  • Conclusions

As it can already be seen from the ToC, this book is a departure from the usual Kubernetes literature – most of the literature out there concerns itself with application deployment and application lifecycle on the cluster. Another interesting fact for this book is that it assumes that you run a self-managed Kubernetes cluster – the peculiarities of running Kubernetes-as-a-service are not covered – however, the knowledge contained in this book will be useful even when troubleshooting managed installations. From the introduction, it becomes evident that the focus of the book is to prepare the reader to be able to respond when things do not work as expected (or plainly go wrong), be able to finetune and optimize clusters and finally to be able to extend the system with custom or new functionality.

Once the objectives are set, the book gives an essential introduction to Kubernetes application building blocks, starting from the bare essentials, like Pods and ReplicaSets and progressing to more advanced topics. However, as discussed, this is not the focus of the book so the section is quite short.

In the next chapter, the basics of Kubernetes architecture (which in itself is a distributed system) are laid down. The chapter is broken down in Concepts, Structure and Components, each of which gets a concise, yet packed with information, treatise. With that out of the way, the book moves on to the Kubernetes API Server, describes in detail its structure (which should not be that unfamiliar to those that have worked with well-designed REST APIs before) and ends with some debugging tips. This is followed by a short section on scheduling, while only a high level overview of the algorithm itself is given, at least we are given a treatment on affinities, taints and the rest.

As stated before, Kubernetes is itself a distributed system. There are more than one way to install it, the book chooses to focus on kubeadm – a sane choice given that quite a few installation tools use kubeadm under the hood.

The next two chapters deal with Authentication and Authorization (A1 and A2 for all you infosec acronym fans). Kubernetes itself supports a few Authentication mechanisms, with client certificates likely to be the most common, and the most important ones are examined. With that out of the way, the book discusses, again in a concise way, Kubernetes authorization and admission control. While authorization has kind of settled down by now, admission control is a rapidly moving target – this is pointed out properly by the authors, who pass along enough knowledge for someone to be able to follow into this topic.

The next chapter dives into one of the most important, yet often overlooked, aspects of Kubernetes: networking. As stated already, Kubernetes is a distributed system and networking between components is one crucial aspect. Again, we get a concise treatment about Container Runtime Interface, Service Discovery and even service meshes get a mention at the end of the chapter.

Running a cluster means you should have an x-ray into the cluster, thus the next cluster is concerned with monitoring a Kubernetes cluster, as well as an introduction to monitoring applications inside the cluster. This should give the operator enough insight about the cluster health at any given moment. In case the cluster health is not nominal, is the topic of the penultimate chapter, namely disaster recovery. When running a distributed system a lot of different aspects of the system can fail and, as an operator, you should be prepared to respond and restore the functionality of the cluster to a well defined state. Certain failure points and tools for recovery are discussed. The book closes off with a chapter on extending Kubernetes, somewhat surprisingly using Javascript as the language for the hands on example.

Overall, this is a must-have purchase if you operate Kubernetes clusters or if you are interested in how it operates under the hood. However, the book tries to cover a lot of material in a relatively short length of 170 pages so it remains concise at all times – the material covered within could easily expand to twice or even thrice the size of the book. However, given that this is a pioneering book and that it is written with a higher level of abstraction that extends its lifetime (something really important when dealing with a rapidly moving target, such as Kubernetes), then I would recommend it, and not just on the basis of the impressive credentials of the authors. I really look forward for this book to be used as a seed for a series of further literature (printed or electronic) dealing more with the operational dimensions of Kubernetes.