Kubernetes Patterns 2nd Edition Reading Group Report
SRG (Service Reliability Group) mainly provides cross-functional support for the infrastructure of our media services, improving existing services, launching new ones, contributing to OSS, and so on.
In this article, we will introduce the Kubernetes-related book reading group that was held within our company from November 2024 to February 2025.
The book we covered this time is "Kubernetes Patterns 2nd Edition" (Bilgin Ibryam, Roland Huß, translated by Hayato Matsuura).

Background
I received this book from translator Hayato Matsuura last September for a review. However, I was so busy with work at the time that I didn't have enough time to read it, and I was unable to submit my review.
Around that time, several people on our team had bought the book, and we decided to hold a reading group to read it together and discuss it.
As an apology for not being able to write a book review, I have decided to publish an article summarizing the practical book club activities that took place within my company as my own output.
Event style
In a typical reading circle, the person in charge makes a presentation, and the other members often do not read the text very closely, which makes it difficult to deepen the discussion. Therefore, in this reading circle, we adopted a style in which everyone read the relevant passage at the same time and wrote down any points that interested them or questions they had in advance.
In the 30-minute to 60-minute format, each member made a presentation based on their own notes, and freely added comments and supplementary notes. Some sections became very controversial, so we divided them into smaller sections as necessary.
Here are some examples of notes that have actually been shared:

Reading group report
From here on, based on the contents of the book, I will introduce an overview of each part and key points of discussion.
Part 1
Part 1, "Basic Patterns," outlines the basics of design and operation that are essential for running applications on Kubernetes.
It lays out the process from a Kubernetes perspective: how applications declare their resource requirements, how they are deployed, how they keep themselves healthy, how they respond to lifecycle events, and finally how they are placed on nodes.
Particular interest was focused on the resource control discussed in Chapter 2, "Predictable Demand." Much of the content was directly related to actual operations, and the following opinions and discussions were exchanged:
limits
limits
limits
- QoS classes and eviction behavior should be understood
PriorityClass
ResourceQuota
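To make the QoS and eviction point concrete, the following added example (not from the book or the reading group's notes) derives a Pod's QoS class from its requests and limits and orders pods the way the kubelet ranks them under node memory pressure. The field names used for usage data, the sample pods and all numbers are constructed, and quantities are compared as plain strings for brevity.

```python
# Added example (not from the book or the reading group's notes).
QOS_RESOURCES = {"cpu", "memory"}  # only these two decide the QoS class

def _cpu_mem(section):
    """Keep only the cpu/memory entries of a requests or limits mapping."""
    return {k: str(v) for k, v in (section or {}).items() if k in QOS_RESOURCES}

def qos_class(pod_spec):
    """Return 'Guaranteed', 'Burstable' or 'BestEffort' for a Pod spec dict.
    Simplification: quantities are compared as strings ('1' != '1000m')."""
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    anything_set, guaranteed = False, True
    for c in containers:
        res = c.get("resources", {})
        limits = _cpu_mem(res.get("limits"))
        # The API server copies a limit into the request when the request is unset.
        requests = {**limits, **_cpu_mem(res.get("requests"))}
        anything_set = anything_set or bool(requests)
        # Guaranteed needs cpu and memory limits on every container, equal to requests.
        if set(limits) != QOS_RESOURCES or requests != limits:
            guaranteed = False
    if not anything_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"

def eviction_order(pods):
    """Rank pods the way the kubelet does under node memory pressure: usage above
    request first, then lower priority, then the larger overage (values in MiB)."""
    def key(p):
        over = p["mem_usage"] - p["mem_request"]
        return (0 if over > 0 else 1, p["priority"], -over)
    return [p["name"] for p in sorted(pods, key=key)]

# Constructed sample input; names and numbers are illustrative only.
LIMITS_ONLY = {"containers": [{"resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}
REQUEST_BELOW_LIMIT = {"containers": [{"resources": {
    "requests": {"memory": "128Mi"}, "limits": {"memory": "256Mi"}}}]}
NOTHING_SET = {"containers": [{"name": "app"}]}
NODE_PODS = [
    {"name": "api", "priority": 1000, "mem_request": 512, "mem_usage": 400},
    {"name": "worker", "priority": 1000, "mem_request": 256, "mem_usage": 300},
    {"name": "batch", "priority": 0, "mem_request": 0, "mem_usage": 200},
]

if __name__ == "__main__":
    for spec in (LIMITS_ONLY, REQUEST_BELOW_LIMIT, NOTHING_SET):
        print(qos_class(spec))
    print(eviction_order(NODE_PODS))
```

A Pod that sets only limits still ends up Guaranteed because the requests are defaulted from the limits, while a Pod with no requests at all is always counted as exceeding its request and is ranked first for eviction.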
Other topics covered included deployment strategies, best practices for health checks, how to use lifecycle hooks, and scheduling optimization, all of which were useful for on-site design and troubleshooting.
Part 2
The second part, "Behavior Patterns," focuses on the runtime behavior of Pods and outlines how Kubernetes can support and control them. It is structured from the perspective of how to choose the appropriate configuration depending on the type of workload and the characteristics of the service, and provides useful knowledge for runtime design and operation.
StatefulSet
Downward API
The following opinions and learnings were shared during the discussion:
StatefulSet
DaemonSet
ReplicaSet
suspend
StatefulSet
These patterns that support a variety of execution forms are important elements that directly relate to the reliability and scalability of the service. The second part of the session provided many insights into how to improve the accuracy of design decisions.
Part 3
Both Part 3, "Structured Patterns," and Part 4, "Configuration Patterns," dealt with practical design and operational know-how for Kubernetes, and were packed with practical insights that could be used as a reference for design.
Ambassador
The following points were shared during the discussion:
sleep
explicit sidecar
Adapter
Sidecar
Part 4
Configuration Template
The following comments were particularly impressive:
- Many people said that environment variables cannot be changed and are not suitable for flexible operation.
Secret
etcd
Immutable Configuration
Configuration Template
Both patterns are topics closely related to CI/CD design and team operational policies. It was a great achievement to be able to discuss not only individual options as knowledge but also how to apply them to our own operations.
Part 5
In the fifth part, "Security Patterns," basic policies and practical examples for safely operating applications on Kubernetes were introduced from various perspectives. Based on perspectives such as minimizing the attack surface, protecting confidential information, and access control, security design concepts and actual issues were clearly organized, and much of the content was immediately usable in the field.
The discussion focused in particular on the following points:
allowPrivilegeEscalation: false
pod-security.kubernetes.io/enforce
AuthorizationPolicy
- Regarding secret management, there are many options such as Sealed Secret, Vault, and CSI Driver, but the complexity of operation is a bottleneck for all of them, and there was agreement that it is an area that "people don't want to do but can't avoid."
escalate
Security is an area that can impair the development experience, and deciding where to draw the line on the level of protection is always a difficult issue. This was a good opportunity to stop and think about security, which tends to be put off.
Part 6
Operator
However, this reading group did not include any reading or discussion on this topic, as most of the participants had no experience in Operator development and had few opportunities to be involved in it in their current SRE work, and it was determined that this was not a high priority.
Internal Developer Platform
Conclusion
Through the content of this reading group, the entire team was able to deepen their knowledge of Kubernetes design and operation. We would like to express our sincere gratitude to translator Hayato Matsuura for providing us with the Japanese version of the book. The high-quality translation made it easy to understand the complex technical content and led to practical discussions. If you are interested, please pick up a copy of this book.