Hands-On Microservices with Kubernetes: Build, deploy, and manage scalable microservices on Kubernetes

Hands-On Microservices

with Kubernetes

Build, deploy, and manage scalable microservices

on Kubernetes

Gigi Sayfan

BIRMINGHAM - MUMBAI

Hands-On Microservices with Kubernetes

Copyright © 2019 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Pavan Ramchandani

Acquisition Editor: Rohit Rajkumar

Content Development Editor: Amitendra Pathak

Senior Editor: Rahul Dsouza

Technical Editor: Prachi Sawant

Copy Editor: Safis Editing

Project Coordinator: Jagdish Prabhu

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Jayalaxmi Raja

First published: July 2019

Production reference: 1050719

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-78980-546-8

www.packtpub.com

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Fully searchable for easy access to vital information

Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. 

Contributors

About the author

Gigi Sayfan is a principal software architect at Helix – a bioinformatics and genomics start-up – and author of Mastering Kubernetes, published by Packt. He has been developing software professionally for more than 20 years in domains as diverse as instant messaging, morphing, chip-fabrication process control, embedded multimedia applications for games consoles, and brain-inspired machine learning. He has written production code in many programming languages including Go, Python, C#, Java, Delphi, JavaScript, and even Cobol and PowerBuilder, for operating systems such as Windows, Linux, macOS, Lynx, and Sony PlayStation. His technical expertise covers databases, low-level networking, unorthodox user interfaces, and the general SDLC.

About the reviewers

Guang Ya Liu is a senior technical staff member for IBM Cloud Private and is currently focused on cloud computing, container technology, and distributed computing. He is also a member of the IBM Academy of Technology. He was an OpenStack Magnum Core member from 2015 to 2017, and now serves as an Istio maintainer, Kubernetes member, Kubernetes Federation V2 maintainer, Apache Mesos committer, and PMC member.

Shashidhar Soppin is a senior software architect with over 18 years' experience in IT. He has worked on virtualization, storage, the cloud and cloud architecture, OpenStack, machine learning, deep learning, and Docker container technologies. Primarily, his focus is on building new approaches and solutions for enterprise customers. He is an avid author of open source technologies (OSFY), a blogger (LinuxTechi), and a holder of patents. He graduated from BIET, Davangere, India. In his free time, he loves to travel and read books.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Table of Contents

Title Page

Copyright and Credits

Hands-On Microservices with Kubernetes

About Packt

Why subscribe?

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Introduction to Kubernetes for Developers

Technical requirements

Installing Docker

Installing kubectl

Installing Minikube

The code

Kubernetes in a nutshell

Kubernetes – the container orchestration platform

The history of Kubernetes

The state of Kubernetes

Understanding the Kubernetes architecture

The control plane

The API server

The etcd store

The scheduler

The controller manager

The data plane

The kubelet

The kube proxy

The container runtime

Kubectl

Kubernetes and microservices – a perfect match

Packaging and deploying microservices

Exposing and discovering microservices

Securing microservices

Namespaces

Service accounts

Secrets

Secure communication

Network policies

Authenticating and authorizing microservices

Role-based access control

Upgrading microservices

Scaling microservices

Monitoring microservices

Logging

Metrics

Creating a local cluster

Installing Minikube

Troubleshooting Minikube

Verifying your cluster

Playing with your cluster

Installing Helm

Summary

Further reading

Getting Started with Microservices

Technical requirements

Installing Go with Homebrew on macOS

Installing Go on other platforms

The code

Programming in the small – less is more

Making your microservice autonomous

Employing interfaces and contracts

Exposing your service via APIs

Using client libraries

Managing dependencies

Coordinating microservices

The uniformity versus flexibility trade-off

Taking advantage of ownership

Understanding Conway's law

Vertical

Horizontal

Matrix

Troubleshooting across multiple services

Utilizing shared service libraries

Choosing a source control strategy

Monorepo

Multiple repos

Hybrid

Creating a data strategy

One data store per microservice

Running distributed queries

Employing Command Query Responsibility Segregation

Employing API composition

Using sagas to manage transactions across multiple services

Understanding ACID

Understanding the CAP theorem

Applying the saga pattern to microservices

Summary

Further reading

Delinkcious - the Sample Application

Technical requirements

Visual Studio Code

GoLand

LiteIDE

Other options

The code

Choosing Go for Delinkcious

Getting to know Go kit

Structuring microservices with Go kit

Understanding transports

Understanding endpoints

Understanding services

Understanding middleware

Understanding clients

Generating the boilerplate

Introducing the Delinkcious directory structure

The cmd subdirectory

The pkg subdirectory

The svc subdirectory

Introducing the Delinkcious microservices

The object model

The service implementation

Implementing the support functions

Invoking the API via a client library

Storing data

Summary

Further reading

Setting Up the CI/CD Pipeline

Technical requirements

The code

Understanding a CI/CD pipeline

Options for the Delinkcious CI/CD pipeline

Jenkins X

Spinnaker

Travis CI and CircleCI

Tekton

Argo CD

Rolling your own

GitOps

Building your images with CircleCI

Reviewing the source tree

Configuring the CI pipeline

Understanding the build.sh script

Dockerizing a Go service with a multi-stage Dockerfile

Exploring the CircleCI UI

Considering future improvements

Setting up continuous delivery for Delinkcious

Deploying a Delinkcious microservice

Understanding Argo CD

Argo CD is built on Argo

Argo CD utilizes GitOps

Getting started with Argo CD

Configuring Argo CD

Using sync policies

Exploring Argo CD

Summary

Further reading

Configuring Microservices with Kubernetes

Technical requirements

The code

What is configuration all about?

Configuration and secrets

Managing configuration the old-fashioned way

Convention over configuration

Command-line flags

Environment variables

Configuration files

INI format

XML format

JSON format

YAML format

TOML format

Proprietary formats

Hybrid configuration and defaults

Twelve factor app configuration

Managing configuration dynamically

Understanding dynamic configuration

When is dynamic configuration useful?

When should you avoid dynamic configuration?

Remote configuration store

Remote configuration service

Configuring microservices with Kubernetes

Working with Kubernetes ConfigMaps

Creating and managing ConfigMaps

Applying advanced configuration

Kubernetes custom resources

Service discovery

Summary

Further reading

Securing Microservices on Kubernetes

Technical requirements

The code

Applying sound security principles

Differentiating between user accounts and service accounts

User accounts

Service accounts

Managing secrets with Kubernetes

Understanding the three types of Kubernetes secret

Creating your own secrets

Passing secrets to containers

Building a secure pod

Managing permissions with RBAC

Controlling access with authentication, authorization, and admission

Authenticating microservices

Authorizing microservices

Admitting microservices

Hardening your Kubernetes cluster using security best practices

Securing your images

Always pull images

Scan for vulnerabilities

Update your dependencies

Pinning the versions of your base images

Using minimal base images

Dividing and conquering your network

Safeguarding your image registry

Granting access to Kubernetes resources as needed

Using quotas to minimize the blast radius

Units for requests and limits

Implementing security contexts

Hardening your pods with security policies

Hardening your toolchain

Authentication of admin user via JWT tokens

Authorization via RBAC

Secure communication over HTTPS

Secret and credentials management

Audits

Cluster RBAC

Summary

Further reading

Talking to the World - APIs and Load Balancers

Technical requirements

The code

Getting familiar with Kubernetes services

Service types in Kubernetes

East-west versus north-south communication

Understanding ingress and load balancing

Providing and consuming a public REST API

Building a Python-based API gateway service

Implementing social login

Routing traffic to internal microservices

Utilizing base Docker images to reduce build time

Adding ingress

Verifying that the API gateway is available outside the cluster

Finding the Delinkcious URL

Getting an access token

Hitting the Delinkcious API gateway from outside the cluster

Providing and consuming an internal gRPC API

Defining the NewsManager interface

Implementing the news manager package

Exposing NewsManager as a gRPC service

Defining the gRPC service contract

Generating service stubs and client libraries with gRPC

Using Go-kit to build the NewsManager service

Implementing the gRPC transport

Sending and receiving events via a message queue

What is NATS?

Deploying NATS in the cluster

Sending link events with NATS

Subscribing to link events with NATS

Handling link events

Understanding service meshes

Summary

Further reading

Working with Stateful Services

Technical requirements

The code

Abstracting storage

The Kubernetes storage model

Storage classes

Volumes, persistent volumes, and provisioning

Persistent volume claims

In-tree and out-of-tree storage plugins

Understanding CSI

Standardizing on CSI

Storing data outside your Kubernetes cluster

Storing data inside your cluster with StatefulSets

Understanding a StatefulSet

StatefulSet components

Pod identity

Orderliness

When should you use a StatefulSet?

Comparing deployment and StatefulSets

Reviewing a large StatefulSet example

A quick introduction to Cassandra

Deploying Cassandra on Kubernetes using StatefulSets

Achieving high performance with local storage

Storing your data in memory

Storing your data on a local SSD

Using relational databases in Kubernetes

Understanding where the data is stored

Using a deployment and service

Using a StatefulSet

Helping the user service locate StatefulSet pods

Managing schema changes

Using non-relational data stores in Kubernetes

An introduction to Redis

Persisting events in the news service

Summary

Further reading

Running Serverless Tasks on Kubernetes

Technical requirements

The code

Serverless in the cloud

Microservices and serverless functions

Modeling serverless functions in Kubernetes

Functions as code

Functions as containers

Building, configuring, and deploying serverless functions

Invoking serverless functions

Link checking with Delinkcious

Designing link checks

Implementing link checks

Serverless link checking with Nuclio

A quick introduction to Nuclio

Creating a link checker serverless function

Deploying the link checker function with nuctl

Deploying a function using the Nuclio dashboard

Invoking the link-checker function directly

Triggering link checking in LinkManager

Other Kubernetes serverless frameworks

Kubernetes Jobs and CronJobs

KNative

Fission

Kubeless

OpenFaas

Summary

Further reading

Testing Microservices

Technical requirements

Unit testing

Unit testing with Go

Unit testing with Ginkgo and Gomega

Delinkcious unit testing

Designing for testability

The art of mocking

Bootstrapping your test suite

Implementing the LinkManager unit tests

Should you test everything?

Integration testing

Initializing a test database

Running services

Running the actual test

Implementing database test helpers

Implementing service test helpers

Checking errors

Running a local service

Stopping a local service

Local testing with Kubernetes

Writing a smoke test

Running the test

Telepresence

Installing Telepresence

Running a local link service via Telepresence

Attaching to the local link service with GoLand for live debugging

Isolating tests

Test clusters

Cluster per developer

Dedicated clusters for system tests

Test namespaces

Writing multi-tenant systems

Cross namespace/cluster

End-to-end testing

Acceptance testing

Regression testing

Performance testing

Managing test data

Synthetic data

Manual test data

Production snapshot

Summary

Further reading

Deploying Microservices

Technical requirements

The code

Kubernetes deployments

Deploying to multiple environments

Understanding deployment strategies

Recreating deployment

Rolling updates

Blue-green deployment

Adding deployment – the blue label

Updating the link-manager service to match blue pods only

Prefixing the description of each link with [green]

Bumping the version number

Letting CircleCI build the new image

Deploying the new (green) version

Updating the link-manager service to use the green deployment

Verifying that the service now uses the green pods to serve requests

Canary deployments

Employing a basic canary deployment for Delinkcious

Using canary deployments for A/B testing

Rolling back deployments

Rolling back standard Kubernetes deployments

Rolling back blue-green deployments

Rolling back canary deployments

Dealing with a rollback after a schema, API, or payload change

Managing versions and dependencies

Managing public APIs

Managing cross-service dependencies

Managing third-party dependencies

Managing your infrastructure and toolchain

Local development deployments

Ko

Ksync

Draft

Skaffold

Tilt

Summary

Further reading

Monitoring, Logging, and Metrics

Technical requirements

The code

Self-healing with Kubernetes

Container failures

Node failure

Systemic failures

Autoscaling a Kubernetes cluster

Horizontal pod autoscaling

Using the horizontal pod autoscaler

Cluster autoscaling

Vertical pod autoscaling

Provisioning resources with Kubernetes

What resources should you provision?

Defining container limits

Specifying resource quotas

Manual provisioning

Utilizing autoscaling

Rolling your own automated provisioning

Getting performance right

Performance and user experience 

Performance and high availability

Performance and cost

Performance and security

Logging

What should you log?

Logging versus error reporting

The quest for the perfect Go logging interface

Logging with Go-kit

Setting up a logger with Go-kit

Using a logging middleware

Centralized logging with Kubernetes

Collecting metrics on Kubernetes

Introducing the Kubernetes metrics API

Understanding the Kubernetes metrics server

Using Prometheus

Deploying Prometheus into the cluster

Recording custom metrics from Delinkcious

Alerting

Embracing component failure

Grudgingly accepting system failure

Taking human factors into account

Warnings versus alerts

Considering severity levels

Determining alert channels

Fine-tuning noisy alerts

Utilizing the Prometheus alert manager

Configuring alerts in Prometheus

Distributed tracing

Installing Jaeger

Integrating tracing into your services

Summary

Further reading

Service Mesh - Working with Istio

Technical requirements

The code

What is a service mesh?

Comparing monoliths to microservices

Using a shared library to manage the cross-cutting concerns of microservices

Using a service mesh to manage the cross-cutting concerns of microservices

Understanding the relationship between Kubernetes and a service mesh

What does Istio bring to the table?

Getting to know the Istio architecture

Envoy

Pilot

Mixer

Citadel

Galley

Managing traffic with Istio

Routing requests

Load balancing

Handling failures

Injecting faults for testing

Doing canary deployments

Securing your cluster with Istio

Understanding Istio identity

Authenticating users with Istio

Authorizing requests with Istio

Enforcing policies with Istio

Collecting metrics with Istio

When should you avoid Istio?

Delinkcious on Istio

Removing mutual authentication between services

Utilizing better canary deployments

Automatic logging and error reporting

Accommodating NATS

Examining the Istio footprint

Alternatives to Istio

Linkerd 2.0

Envoy

HashiCorp Consul

AWS App Mesh

Others

The no mesh option

Summary

Further reading

The Future of Microservices and Kubernetes

The future of microservices

Microservices versus serverless functions

Microservices, containers, and orchestration

gRPC and gRPC-Web

GraphQL

HTTP/3 is coming

The future of Kubernetes

Kubernetes extensibility

Abstracting the container runtime

Abstracting networking

Abstracting storage

The cloud provider interface

Service mesh integration

Serverless computing on Kubernetes

Kubernetes and VMs

gVisor

Firecracker

Kata containers

Cluster autoscaling

Using operators

Federation

Summary

Further reading

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

Hands-On Microservices with Kubernetes is the book you have been waiting for. It will walk you though the parallel paths of developing microservices and deploying them on Kubernetes. The synergy between microservice-based architecture and Kubernetes is very powerful. This book covers all angles. It explains the concepts behind microservices and Kubernetes, discusses real-world concerns and trade-offs, takes you through the development of fully fledged microservice-based systems, shows you best practices, and provides ample recommendations.

This book covers an amazing amount of ground in great depth and with working code to illustrate. You will learn how to design a microservice-based architecture, build microservices, test the microservices you've built, and package them as Docker images. Then, you will learn how to deploy your system as a collection of Docker images to Kubernetes and manage it there.

Along the way, you will become familiar with most important trends to be aware of, such as automated continuous integration / continuous delivery (CI/CD) , gRPC-based microservices, serverless computing, and service meshes.

By the end of this book, you will have gained a lot of knowledge and hands-on experience with planning, developing, and operating large-scale cloud-native systems using microservice-based architecture deployed on Kubernetes.

Who this book is for

This book is targeted at software developers and DevOps engineers who want to be at the forefront of large-scale software engineering. It will help if you have experience with large-scale software systems that are deployed using containers on more than one machine and are developed by several teams.

What this book covers

Chapter 1, Introduction to Kubernetes for Developers, introduces you to Kubernetes. You will receive a whirlwind tour of Kubernetes and get an idea of how well it aligns with microservices.

Chapter 2, Getting Started with Microservices, discusses various aspects, patterns, and approaches to common problems in microservice-based systems and how they compare to other common architectures, such as monoliths and large services.

Chapter 3, Delinkcious – the Sample Application, explores why we should choose Go as the programming language of Delinkcious; then we will look at Go kit.

Chapter 4, Setting Up the CI/CD Pipeline, teaches you about the problem the CI/CD pipeline solves, covers the different options for CI/CD pipelines for Kubernetes, and finally looks at building a CI/CD pipeline for Delinkcious.

Chapter 5, Configuring Microservices with Kubernetes, moves you into the practical and real-world area of microservices configuration. Also, we will discuss Kubernetes-specific options and, in particular, ConfigMaps.

Chapter 6, Securing Microservices on Kubernetes, examines how to secure your microservices on Kubernetes in depth. We will also discuss the pillars that act as the foundation of microservice security on Kubernetes.

Chapter 7, Talking to the World – APIs and Load Balancers, sees us open Delinkcious to the world and let users interact with it from outside the cluster. Also, we will add a gRPC-based news service that users can hit up to get news about other users they follow. Finally, we will add a message queue that lets services communicate in a loosely coupled manner.

Chapter 8, Working with Stateful Services, delves into the Kubernetes storage model. We will also extend the Delinkcious news service to store its data in Redis, instead of in memory.

Chapter 9, Running Serverless Tasks on Kubernetes, dives into one of the hottest trends in cloud-native systems: serverless computing (also known as Function as a Service, or FaaS). Also, we'll cover other ways to do serverless computing in Kubernetes.

Chapter 10, Testing Microservices, covers the topic of testing and its various flavors: unit testing, integration testing, and all kinds of end-to-end testing. We also delve into how Delinkcious tests are structured.

Chapter 11, Deploying Microservices, deals with two related, yet separate, themes: production deployments and development deployments. 

Chapter 12, Monitoring, Logging, and Metrics, focuses on the operational side of running a large-scale distributed system on Kubernetes, as well as on how to design the system and what to take into account to ensure a top-notch operational posture. 

Chapter 13, Service Mesh – Working with Istio, reviews the hot topic of service meshes and, in particular, Istio. This is exciting because service meshes are a real game changer.

Chapter 14, The Future of Microservices and Kubernetes, covers the topics of Kubernetes and microservices, and will help us learn how to decide when it's the right time to adopt and invest in newer technologies.

To get the most out of this book

Any software requirements are either listed at the beginning of each chapter in the Technical requirements section, or, if the installation of a particular piece of software is part of the material of the chapter, then any instructions you need will be contained within the chapter itself. Most of the installations are software components that are installed into the Kubernetes cluster. This is an important part of the hands-on nature of the book. 

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

Log in or register at www.packt.com.

Select the SUPPORT tab.

Click on Code Downloads & Errata.

Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR/7-Zip for Windows

Zipeg/iZip/UnRarX for Mac

7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Hands-On-Microservices-with-Kubernetes. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781789805468_ColorImages.pdf.