Hands-On Microservices with Kubernetes
Gigi Sayfan更新时间:2021-06-24 13:47:56
最新章节:Leave a review - let other readers know what you thinkcoverpage
Title Page
Copyright and Credits
Hands-On Microservices with Kubernetes
About Packt
Why subscribe?
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introduction to Kubernetes for Developers
Technical requirements
Installing Docker
Installing kubectl
Installing Minikube
The code
Kubernetes in a nutshell
Kubernetes – the container orchestration platform
The history of Kubernetes
The state of Kubernetes
Understanding the Kubernetes architecture
The control plane
The API server
The etcd store
The scheduler
The controller manager
The data plane
The kubelet
The kube proxy
The container runtime
Kubectl
Kubernetes and microservices – a perfect match
Packaging and deploying microservices
Exposing and discovering microservices
Securing microservices
Namespaces
Service accounts
Secrets
Secure communication
Network policies
Authenticating and authorizing microservices
Role-based access control
Upgrading microservices
Scaling microservices
Monitoring microservices
Logging
Metrics
Creating a local cluster
Installing Minikube
Troubleshooting Minikube
Verifying your cluster
Playing with your cluster
Installing Helm
Summary
Further reading
Getting Started with Microservices
Technical requirements
Installing Go with Homebrew on macOS
Installing Go on other platforms
The code
Programming in the small – less is more
Making your microservice autonomous
Employing interfaces and contracts
Exposing your service via APIs
Using client libraries
Managing dependencies
Coordinating microservices
The uniformity versus flexibility trade-off
Taking advantage of ownership
Understanding Conway's law
Vertical
Horizontal
Matrix
Troubleshooting across multiple services
Utilizing shared service libraries
Choosing a source control strategy
Monorepo
Multiple repos
Hybrid
Creating a data strategy
One data store per microservice
Running distributed queries
Employing Command Query Responsibility Segregation
Employing API composition
Using sagas to manage transactions across multiple services
Understanding ACID
Understanding the CAP theorem
Applying the saga pattern to microservices
Summary
Further reading
Delinkcious - the Sample Application
Technical requirements
Visual Studio Code
GoLand
LiteIDE
Other options
The code
Choosing Go for Delinkcious
Getting to know Go kit
Structuring microservices with Go kit
Understanding transports
Understanding endpoints
Understanding services
Understanding middleware
Understanding clients
Generating the boilerplate
Introducing the Delinkcious directory structure
The cmd subdirectory
The pkg subdirectory
The svc subdirectory
Introducing the Delinkcious microservices
The object model
The service implementation
Implementing the support functions
Invoking the API via a client library
Storing data
Summary
Further reading
Setting Up the CI/CD Pipeline
Technical requirements
The code
Understanding a CI/CD pipeline
Options for the Delinkcious CI/CD pipeline
Jenkins X
Spinnaker
Travis CI and CircleCI
Tekton
Argo CD
Rolling your own
GitOps
Building your images with CircleCI
Reviewing the source tree
Configuring the CI pipeline
Understanding the build.sh script
Dockerizing a Go service with a multi-stage Dockerfile
Exploring the CircleCI UI
Considering future improvements
Setting up continuous delivery for Delinkcious
Deploying a Delinkcious microservice
Understanding Argo CD
Argo CD is built on Argo
Argo CD utilizes GitOps
Getting started with Argo CD
Configuring Argo CD
Using sync policies
Exploring Argo CD
Summary
Further reading
Configuring Microservices with Kubernetes
Technical requirements
The code
What is configuration all about?
Configuration and secrets
Managing configuration the old-fashioned way
Convention over configuration
Command-line flags
Environment variables
Configuration files
INI format
XML format
JSON format
YAML format
TOML format
Proprietary formats
Hybrid configuration and defaults
Twelve factor app configuration
Managing configuration dynamically
Understanding dynamic configuration
When is dynamic configuration useful?
When should you avoid dynamic configuration?
Remote configuration store
Remote configuration service
Configuring microservices with Kubernetes
Working with Kubernetes ConfigMaps
Creating and managing ConfigMaps
Applying advanced configuration
Kubernetes custom resources
Service discovery
Summary
Further reading
Securing Microservices on Kubernetes
Technical requirements
The code
Applying sound security principles
Differentiating between user accounts and service accounts
User accounts
Service accounts
Managing secrets with Kubernetes
Understanding the three types of Kubernetes secret
Creating your own secrets
Passing secrets to containers
Building a secure pod
Managing permissions with RBAC
Controlling access with authentication authorization and admission
Authenticating microservices
Authorizing microservices
Admitting microservices
Hardening your Kubernetes cluster using security best practices
Securing your images
Always pull images
Scan for vulnerabilities
Update your dependencies
Pinning the versions of your base images
Using minimal base images
Dividing and conquering your network
Safeguarding your image registry
Granting access to Kubernetes resources as needed
Using quotas to minimize the blast radius
Units for requests and limits
Implementing security contexts
Hardening your pods with security policies
Hardening your toolchain
Authentication of admin user via JWT tokens
Authorization via RBAC
Secure communication over HTTPS
Secret and credentials management
Audits
Cluster RBAC
Summary
Further reading
Talking to the World - APIs and Load Balancers
Technical requirements
The code
Getting familiar with Kubernetes services
Service types in Kubernetes
East-west versus north-south communication
Understanding ingress and load balancing
Providing and consuming a public REST API
Building a Python-based API gateway service
Implementing social login
Routing traffic to internal microservices
Utilizing base Docker images to reduce build time
Adding ingress
Verifying that the API gateway is available outside the cluster
Finding the Delinkcious URL
Getting an access token
Hitting the Delinkcious API gateway from outside the cluster
Providing and consuming an internal gRPC API
Defining the NewsManager interface
Implementing the news manager package
Exposing NewsManager as a gRPC service
Defining the gRPC service contract
Generating service stubs and client libraries with gRPC
Using Go-kit to build the NewsManager service
Implementing the gRPC transport
Sending and receiving events via a message queue
What is NATS?
Deploying NATS in the cluster
Sending link events with NATS
Subscribing to link events with NATS
Handling link events
Understanding service meshes
Summary
Further reading
Working with Stateful Services
Technical requirements
The code
Abstracting storage
The Kubernetes storage model
Storage classes
Volumes persistent volumes and provisioning
Persistent volume claims
In-tree and out-of-tree storage plugins
Understanding CSI
Standardizing on CSI
Storing data outside your Kubernetes cluster
Storing data inside your cluster with StatefulSets
Understanding a StatefulSet
StatefulSet components
Pod identity
Orderliness
When should you use a StatefulSet?
Comparing deployment and StatefulSets
Reviewing a large StatefulSet example
A quick introduction to Cassandra
Deploying Cassandra on Kubernetes using StatefulSets
Achieving high performance with local storage
Storing your data in memory
Storing your data on a local SSD
Using relational databases in Kubernetes
Understanding where the data is stored
Using a deployment and service
Using a StatefulSet
Helping the user service locate StatefulSet pods
Managing schema changes
Using non-relational data stores in Kubernetes
An introduction to Redis
Persisting events in the news service
Summary
Further reading
Running Serverless Tasks on Kubernetes
Technical requirements
The code
Serverless in the cloud
Microservices and serverless functions
Modeling serverless functions in Kubernetes
Functions as code
Functions as containers
Building configuring and deploying serverless functions
Invoking serverless functions
Link checking with Delinkcious
Designing link checks
Implementing link checks
Serverless link checking with Nuclio
A quick introduction to Nuclio
Creating a link checker serverless function
Deploying the link checker function with nuctl
Deploying a function using the Nuclio dashboard
Invoking the link-checker function directly
Triggering link checking in LinkManager
Other Kubernetes serverless frameworks
Kubernetes Jobs and CronJobs
KNative
Fission
Kubeless
OpenFaas
Summary
Further reading
Testing Microservices
Technical requirements
Unit testing
Unit testing with Go
Unit testing with Ginkgo and Gomega
Delinkcious unit testing
Designing for testability
The art of mocking
Bootstrapping your test suite
Implementing the LinkManager unit tests
Should you test everything?
Integration testing
Initializing a test database
Running services
Running the actual test
Implementing database test helpers
Implementing service test helpers
Checking errors
Running a local service
Stopping a local service
Local testing with Kubernetes
Writing a smoke test
Running the test
Telepresence
Installing Telepresence
Running a local link service via Telepresence
Attaching to the local link service with GoLand for live debugging
Isolating tests
Test clusters
Cluster per developer
Dedicated clusters for system tests
Test namespaces
Writing multi-tenant systems
Cross namespace/cluster
End-to-end testing
Acceptance testing
Regression testing
Performance testing
Managing test data
Synthetic data
Manual test data
Production snapshot
Summary
Further reading
Deploying Microservices
Technical requirements
The code
Kubernetes deployments
Deploying to multiple environments
Understanding deployment strategies
Recreating deployment
Rolling updates
Blue-green deployment
Adding deployment – the blue label
Updating the link-manager service to match blue pods only
Prefixing the description of each link with [green]
Bumping the version number
Letting CircleCI build the new image
Deploying the new (green) version
Updating the link-manager service to use the green deployment
Verifying that the service now uses the green pods to serve requests
Canary deployments
Employing a basic canary deployment for Delinkcious
Using canary deployments for A/B testing
Rolling back deployments
Rolling back standard Kubernetes deployments
Rolling back blue-green deployments
Rolling back canary deployments
Dealing with a rollback after a schema API or payload change
Managing versions and dependencies
Managing public APIs
Managing cross-service dependencies
Managing third-party dependencies
Managing your infrastructure and toolchain
Local development deployments
Ko
Ksync
Draft
Skaffold
Tilt
Summary
Further reading
Monitoring Logging and Metrics
Technical requirements
The code
Self-healing with Kubernetes
Container failures
Node failure
Systemic failures
Autoscaling a Kubernetes cluster
Horizontal pod autoscaling
Using the horizontal pod autoscaler
Cluster autoscaling
Vertical pod autoscaling
Provisioning resources with Kubernetes
What resources should you provision?
Defining container limits
Specifying resource quotas
Manual provisioning
Utilizing autoscaling
Rolling your own automated provisioning
Getting performance right
Performance and user experience
Performance and high availability
Performance and cost
Performance and security
Logging
What should you log?
Logging versus error reporting
The quest for the perfect Go logging interface
Logging with Go-kit
Setting up a logger with Go-kit
Using a logging middleware
Centralized logging with Kubernetes
Collecting metrics on Kubernetes
Introducing the Kubernetes metrics API
Understanding the Kubernetes metrics server
Using Prometheus
Deploying Prometheus into the cluster
Recording custom metrics from Delinkcious
Alerting
Embracing component failure
Grudgingly accepting system failure
Taking human factors into account
Warnings versus alerts
Considering severity levels
Determining alert channels
Fine-tuning noisy alerts
Utilizing the Prometheus alert manager
Configuring alerts in Prometheus
Distributed tracing
Installing Jaeger
Integrating tracing into your services
Summary
Further reading
Service Mesh - Working with Istio
Technical requirements
The code
What is a service mesh?
Comparing monoliths to microservices
Using a shared library to manage the cross-cutting concerns of microservices
Using a service mesh to manage the cross-cutting concerns of microservices
Understanding the relationship between Kubernetes and a service mesh
What does Istio bring to the table?
Getting to know the Istio architecture
Envoy
Pilot
Mixer
Citadel
Galley
Managing traffic with Istio
Routing requests
Load balancing
Handling failures
Injecting faults for testing
Doing canary deployments
Securing your cluster with Istio
Understanding Istio identity
Authenticating users with Istio
Authorizing requests with Istio
Enforcing policies with Istio
Collecting metrics with Istio
When should you avoid Istio?
Delinkcious on Istio
Removing mutual authentication between services
Utilizing better canary deployments
Automatic logging and error reporting
Accommodating NATS
Examining the Istio footprint
Alternatives to Istio
Linkerd 2.0
Envoy
HashiCorp Consul
AWS App Mesh
Others
The no mesh option
Summary
Further reading
The Future of Microservices and Kubernetes
The future of microservices
Microservices versus serverless functions
Microservices containers and orchestration
gRPC and gRPC-Web
GraphQL
HTTP/3 is coming
The future of Kubernetes
Kubernetes extensibility
Abstracting the container runtime
Abstracting networking
Abstracting storage
The cloud provider interface
Service mesh integration
Serverless computing on Kubernetes
Kubernetes and VMs
gVisor
Firecracker
Kata containers
Cluster autoscaling
Using operators
Federation
Summary
Further reading
Other Books You May Enjoy
Leave a review - let other readers know what you think
更新时间:2021-06-24 13:47:56