Kubernetes Patterns 2nd Edition Reading Group Report

I am Kumo Ishikawa (@ishikawa_kumo) of the Service Reliability Group (SRG), Media Headquarters.
#SRG (Service Reliability Group) is a group that mainly provides cross-sectional infrastructure support for our media services: improving existing services, launching new ones, and contributing to OSS.
In this article, I introduce a Kubernetes-related book reading group that was held within our company from November 2024 to February 2025.

Background


I received this book from the translator, Hayato Matsuura, last September for review. However, I was busy with work at the time and did not have enough time to read it properly, so I was unable to submit a review.
Around that time, several members of our team had bought the book, so we decided to hold a reading group to read it together and discuss it.
As an apology for not writing the review, I decided to publish this article summarizing the practical reading group activities held within the company as my own output.

Event style


In a typical reading group, the person in charge gives a presentation while the other members often have not read the material closely, which makes it hard to deepen the discussion. In this reading group, therefore, everyone read the relevant passage at the same time, and we adopted a style in which each person took notes in advance on any points that concerned them or questions they had.
Sessions were timed to last between 30 minutes and an hour; each member presented from their own notes, and everyone freely added comments and supplements. Some sections generated more debate, so we split them into smaller parts as necessary.
Below are some examples of notes that were actually shared:

Reading group report

From here on, following the structure of the book, I will give an overview of each part and the key points of discussion.

Part 1


Part 1, "Basic Patterns," outlines the basics of design and operation that are essential for running applications on Kubernetes.
It lays out the process from a Kubernetes perspective: how applications declare their resource requirements, how they are deployed, how they maintain their health, how they respond to lifecycle events, and how they are ultimately placed on nodes.
Chapter 2, "Predictable Demand," drew particular interest for its treatment of resource control. Much of the content relates directly to actual operations, and the following opinions and discussions were exchanged:
  • limits
  • You should understand the behavior of QoS classes and evictions.
  • PriorityClass
  • ResourceQuota
Other topics covered included deployment strategies, best practices for health checks, how to use lifecycle hooks, and scheduling optimization, all of which are useful for on-site design and troubleshooting.
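As an added example that is not from the book or this article, the following constructed manifests show how the resource controls discussed above fit together: a PriorityClass, a namespace ResourceQuota, and a Pod whose requests equal its limits so that it lands in the Guaranteed QoS class. Names, the namespace and the image are assumptions.

```yaml
# Constructed example (not the book's or the article's own manifests).
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: media-critical            # assumed name
value: 100000
globalDefault: false
description: "Preempted and evicted after lower-priority Pods"
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-quota                # assumed name
  namespace: media-app            # assumed namespace
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
# Caveat: once a quota constrains requests/limits, every Pod in the
# namespace must declare them or the API server rejects it.
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: media-app
spec:
  priorityClassName: media-critical
  containers:
  - name: api
    image: registry.example.com/api:1.0   # placeholder image
    resources:
      requests:
        cpu: 500m
        memory: 512Mi
      limits:
        cpu: 500m       # requests == limits for every container -> QoS class Guaranteed
        memory: 512Mi   # kubelet eviction considers BestEffort and over-request
                        # Burstable Pods before Guaranteed Pods within their requests
```

Check the resulting class with `kubectl get pod api -n media-app -o jsonpath='{.status.qosClass}'`; dropping either limit would demote the Pod to Burstable.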

Part 2


The second part, "Behavior Patterns," focuses on the runtime behavior of Pods and outlines how Kubernetes supports and controls it. It is organized around choosing the appropriate configuration for the type of workload and the characteristics of the service, and provides useful knowledge for runtime design and operation.
StatefulSet
Downward API
The following opinions and lessons were shared during the discussion:
  • StatefulSet
  • DaemonSet
  • ReplicaSet
  • suspend
  • StatefulSet
These patterns, which support a variety of execution modes, directly affect the reliability and scalability of services. Part 2 gave us many insights into how to make better-grounded design decisions.

Part 3


Part 3, "Structural Patterns," and Part 4, "Configuration Patterns," both deal with practical design and operational know-how for Kubernetes, and are packed with practical knowledge that can be used as a reference for design.
Ambassador
The following points were shared during the discussion:
  • sleep
  • explicit sidecar
  • Adapter
  • Sidecar

Part 4


Configuration Template
The following comments were particularly impressive:
  • Many people pointed out that environment variables cannot be changed and are therefore not suitable for flexible operation.
  • Secret
  • etcd
  • Immutable Configuration
  • Configuration Template
Both patterns are closely tied to CI/CD design and team operational policies. It was a great achievement to discuss not only the individual options but also how they can be applied to our own operations.

Part 5


Part 5, "Security Patterns," introduces basic principles and practical examples for running applications safely on Kubernetes from several perspectives. Organized around themes such as minimizing the attack surface, protecting confidential information, and access control, it lays out security design concepts and real-world challenges clearly, and much of the content was immediately applicable in the field.
The discussion focused particularly on the following points:
  • allowPrivilegeEscalation: false
  • pod-security.kubernetes.io/enforce
  • AuthorizationPolicy
  • Regarding secret management, there are many options such as Sealed Secrets, Vault, and the CSI Driver, but operational complexity can be a bottleneck for all of them, and there was agreement that it is an area "we don't want to deal with but can't avoid."
  • escalate
Security is an area that can easily impair the developer experience, and deciding where to draw the line on the level of protection is always difficult. This was a good opportunity to stop and think about security, which tends to be put off.
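As an added example that is not from the book or this article, the following constructed manifests show where three of the identifiers discussed above live: the Pod Security Admission label on a namespace, the container `securityContext` field, and the RBAC `escalate` verb. The names, namespace and image are assumptions.

```yaml
# Constructed example (not the book's or the article's own manifests).
apiVersion: v1
kind: Namespace
metadata:
  name: media-app                 # assumed namespace
  labels:
    # Pod Security Admission: reject Pods that violate the "restricted" profile
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: media-app
spec:
  securityContext:
    runAsNonRoot: true            # required by "restricted"
    seccompProfile:
      type: RuntimeDefault        # required by "restricted"
  containers:
  - name: api
    image: registry.example.com/api:1.0   # placeholder image
    securityContext:
      allowPrivilegeEscalation: false     # required by "restricted";
                                          # blocks setuid/file-capability gains
      capabilities:
        drop: ["ALL"]
# Without the fields above, the enforce label causes the API server to reject
# this Pod; the warn label only reports the violation.
---
# RBAC: the "escalate" verb lets a subject create or update Roles that grant
# permissions the subject does not itself hold. Omit it (and "bind") from roles
# handed to application teams.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-admin                # assumed name
  namespace: media-app
rules:
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles", "rolebindings"]
  verbs: ["get", "list", "create", "update", "delete"]   # no "escalate", no "bind"
```

Apply with `kubectl apply -f` and confirm the label is active with `kubectl get ns media-app --show-labels`.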

Part 6


Operator
However, this reading group did not read or discuss this topic: most participants had no experience with Operator development and few opportunities to be involved in it in their current SRE work, so it was judged not to be a high priority.
Internal Developer Platform

Conclusion


Through the content of this reading group, the entire team was able to deepen their knowledge of Kubernetes design and operations. We would like to express our sincere gratitude to translator Hayato Matsuura for providing us with the Japanese version of this book. The high-quality translation made it easy to understand the complex technical content and led to practical discussions. If you are interested, please pick up a copy of this book.
SRG is looking for people to work with us. If you're interested, please contact us here.