Report from the Kubernetes Patterns 2nd Edition Reading Group

Ishikawa Kumo, Service Reliability Group (SRG), Media Management Division@ishikawa_kumo)is.
#SRGThe Service Reliability Group primarily provides comprehensive support for the infrastructure surrounding our media services, focusing on improving existing services, launching new ones, and contributing to open-source software (OSS).
This article introduces a book club on Kubernetes-related topics that we conducted within our company from November 2024 to February 2025.

background


This book was given to me last September by translator Hayato Matsuura for review. However, I was extremely busy with work at the time and didn't have enough time to read it properly, so I haven't been able to publish a review until now.
Around that time, several people on the team had also bought the book, and we decided to hold a reading group so we could read and discuss it together.
As an apology for not being able to write a book review, I've decided to publish an article summarizing a practical book club meeting held within my company, as my own form of output.

Event style


In typical reading groups, one person often presents the text, while other members don't delve deeply into it, which hinders in-depth discussion. Therefore, in this reading group, we adopted a style where everyone reads the relevant section at the same time, and each person takes notes beforehand on points that caught their attention or questions they had.
Each member presented their notes within a 30-minute to 1-hour time slot, and participants were free to add comments and supplementary information. In some sections, there was a lot of discussion, so we further divided the sections as needed.
Below are some examples of notes that were actually shared.

Rotary reading group report

From here, I will introduce an overview of each section and the key points of discussion, based on the contents of the book.

Part 1


Part 1, "Basic Patterns," outlines the fundamental design and operational principles essential for running applications on Kubernetes.
This document outlines the process from a Kubernetes perspective: how an application declares resource requests, how it is deployed, maintains health, responds to lifecycle events, and ultimately lands on a node.
The resource control aspects covered in Chapter 2, "Predictable Demand," attracted particular attention. Much of the content is directly relevant to practical operations, and the following opinions and discussions took place:
  • limits
    • limits
  • limits
  • You should understand the behavior of QoS classes and Eviction.
  • PriorityClass
  • ResourceQuota
In addition, the topics covered, such as best practices for deployment strategies and health checks, how to use lifecycle hooks, and scheduling optimization, were all useful for on-site design and troubleshooting.

Part 2


Part Two, "Behavioral Patterns," focuses on the runtime behavior of Pods and outlines how Kubernetes can support and control it. It is structured from the perspective of how to choose the appropriate configuration depending on the type of workload and the characteristics of the service, and organizes knowledge that is useful for runtime design and operation.
StatefulSet
Downward API
The following opinions and lessons learned were shared during the discussion:
  • StatefulSet
  • DaemonSet
  • ReplicaSet
  • suspend
  • StatefulSet
These patterns, which support diverse execution methods, are crucial elements directly related to the reliability and scalability of services. Part two provided many insights that will help improve the accuracy of design decisions.

Part 3


Parts 3, "Structured Patterns," and 4, "Configuration Patterns," both deal with practical design and operational know-how in Kubernetes, and are packed with practical insights that can be used as a reference for design.
Ambassador
The following points were shared during the discussion:
  • sleep
  • explicit sidecar
  • Adapter
  • Sidecar

Part 4


Configuration Template
The following were some of the comments that made a particularly strong impression on me:
  • Many people felt that environment variables were unchangeable and unsuitable for flexible operation.
  • Secret
  • etcd
  • Immutable Configuration
  • Configuration Template
All of these patterns are closely related to CI/CD design and team operational policies. A major achievement was not only learning about each option as knowledge, but also discussing how we could implement them in our own operations.

Part 5


Part Five, "Security Patterns," presented fundamental policies and practical examples for securely operating applications on Kubernetes from various perspectives. Focusing on aspects such as minimizing the attack surface, protecting confidential information, and access control, the concepts of security design and actual challenges were clearly organized, and much of the content was immediately applicable in practice.
The following points, in particular, attracted attention during the discussion:
  • allowPrivilegeEscalation: false
  • pod-security.kubernetes.io/enforce
  • AuthorizationPolicy
  • Regarding secret management, there are plenty of options such as Sealed Secrets, Vault, and CSI Driver, but the complexity of their operation is often a bottleneck, leading to a shared sentiment that it's an area we don't want to deal with but can't avoid.
  • escalate
Security can sometimes detract from the development experience, and drawing the line on what to protect is always a difficult challenge. This was a good opportunity to pause and think about security, which is often put on the back burner.

Part 6


Operator
However, this reading group did not include any reading or discussion on this topic. This was because most participants lacked experience in Operator development and had limited opportunities to be involved in it in their current SRE work, so it was deemed not a high priority.
Internal Developer Platform

In conclusion


Through this reading group, our entire team was able to deepen our understanding of Kubernetes design and operation. We are deeply grateful to translator Hayato Matsuura for providing us with the Japanese translation of this book. The high-quality translation allowed us to smoothly understand even complex technical content and connect it to practical discussions. If you are interested, please do pick up a copy of the book.
SRG is looking for new team members. If you are interested, please contact us here.