Hands-On Kubernetes, Service Mesh and Zero-Trust : Build and Manage Secure Applications Using Kubernetes and Istio / Swapnil Dubey and Mandar J. Kulkarni.

Ebook Central Academic Complete Available online

Format:
Book
Author/Creator:
Dubey, Swapnil, author.
Kulkarni, Mandar J., author.
Language:
English
Subjects (All):
Kubernetes.
Cloud computing.
Physical Description:
1 online resource (376 pages)
Edition:
First edition.
Place of Publication:
London : BPB Online, [2023]
Summary:
A comprehensive guide to Kubernetes, Service Mesh, and Zero-Trust principles

Key Features
- Delve into security practices that guarantee resilience and secure deployments.
- Discover strategies for managing Kubernetes clusters, enhancing performance, and achieving high availability and scalability.
- Acquire a conceptual understanding of the challenges faced in production environments and explore industry-standard solutions for efficient resolution.

Description
Building and managing secure applications is a crucial aspect of modern software development, especially in distributed environments. Kubernetes and Istio, when combined, provide a powerful platform for achieving application security and managing it effectively. If you want to build and manage secure applications with ease, then this book is an ideal resource for you. The book extensively covers the building blocks of the Kubernetes orchestration engine, providing in-depth insights into key Kubernetes objects that can be effectively used for deploying containerized applications. It then focuses on all major Kubernetes constructs, offering guidance on their appropriate utilization in different scenarios, while emphasizing the significance of a Zero Trust architecture. Additionally, the book addresses important aspects such as service discovery, optimized logging, and monitoring, which play a critical role in managing distributed applications. It also incorporates essential concepts from Site Reliability Engineering, enabling engineering teams to proactively meet Service Level Agreements and attain operational readiness. In the final section, the book takes a deep dive into Service Mesh, with a special focus on harnessing the strength of Istio as a powerful tool. By the end of the book, you will have the knowledge and skills to effectively build, deploy, and manage secure applications using Kubernetes and Istio.

What you will learn
- Learn how to successfully deploy applications on Kubernetes.
- Gain insights into the principles of Zero Trust architecture and its implementation within the Kubernetes orchestration platform.
- Get familiar with the concepts of service discovery and efficient scaling in Kubernetes, empowering you to optimize your application deployments.
- Learn about monitoring and logging within applications, and explore the essential aspects of observability to ensure the reliability of your systems.
- Acquire expertise in service mesh, particularly Istio, to efficiently handle traffic, enhance application reliability, and fortify security measures.

Who this book is for
This book caters to a wide range of readers, including developers utilizing Kubernetes, DevOps teams, senior software engineers, cloud-native teams, and cloud developers with a foundational knowledge of containers and software development.

Table of Contents
1. Docker and Kubernetes 101
2. PODs
3. HTTP Load Balancing with Ingress
4. Kubernetes Workload Resources
5. ConfigMap, Secrets, and Labels
6. Configuring Storage with Kubernetes
7. Introduction to Service Discovery
8. Zero Trust Using Kubernetes
9. Monitoring, Logging and Observability
10. Effective Scaling
11. Introduction to Service Mesh and Istio
12. Traffic Management Using Istio
13. Observability Using Istio
14. Securing Your Services Using Istio
Contents:
Book Title
Inner title
Copyright
Dedicated
About the Authors
About the Reviewer
Acknowledgements
Preface
Code Bundle and Coloured Images
Piracy
Table of Contents
Chapter 1: Docker and Kubernetes 101
Introduction
Structure
Objectives
Introduction to Docker
Introduction to Kubernetes
Kubernetes architecture
Principles of immutability, declarative and self-healing
Installing Kubernetes
Installing Kubernetes locally using Minikube
Installing Kubernetes in Docker
Kubernetes client
Checking the version
Checking the status of Kubernetes Master Daemons
Listing all worker nodes and describing the worker node
Strategies to validate cluster quality
Cost-efficiency as measure of quality
Conclusion
Points to remember
Multiple choice questions
Answers
Chapter 2: PODs
Concept of Pods
CRUD operations on Pods
Creating and running Pods
Listing Pods
Deleting Pods
Accessing PODs
Accessing via port forwarding
Running commands inside PODs using exec
Accessing logs
Managing resources
Resource requests: Minimum and maximum limits to PODs
Data persistence
Internal: Using data volumes with PODs
External: Data on remote disks
Health checks
Startup probe
Liveness probe
Readiness probe
POD security
Pod Security Standards
Pod Security Admissions
Questions
Chapter 3: HTTP Load Balancing with Ingress
Networking 101
Configuring Kubeproxy
Configuring container network interfaces
Ingress specifications and Ingress controller
Effective Ingress usage
Utilizing hostnames
Utilizing paths
Advanced Ingress
Running and managing multiple Ingress controllers.
Ingress and namespaces
Path rewriting
Serving TLS
Alternate implementations
API gateways
Need for API gateways
Securing network
Securing via network policies
Securing via third-party tool
Best practices for securing a network
Chapter 4: Kubernetes Workload Resources
ReplicaSets
Designing ReplicaSets
Creating ReplicaSets
Inspecting ReplicaSets
Scaling ReplicaSets
Deleting ReplicaSets
Deployments
Creating deployments
Managing deployments
Updating deployments
Deployment strategies
Monitoring deployment status
Deleting deployments
DaemonSets
Creating DaemonSets
Restricting DaemonSets to specific nodes
Updating DaemonSets
Deleting DaemonSets
Kubernetes Jobs
Jobs
Job patterns
Pod and container failures
Cleaning up finished jobs automatically
CronJobs
Chapter 5: ConfigMap, Secrets, and Labels
ConfigMap
Creating ConfigMap
Consuming ConfigMaps
Secrets
Creating Secrets
Consuming Secrets
Managing ConfigMaps and Secrets
Listing
Creating
Updating
Applying and modifying labels
Labels selectors
Equality-based selector
Set-based selectors
Role of labels in Kubernetes architecture
Defining annotations
Chapter 6: Configuring Storage with Kubernetes
Storage provisioning in Kubernetes
Volumes
Persistent Volumes and Persistent Volume claims
Storage class
Using StorageClass for dynamic provisioning
StatefulSets
Properties of StatefulSets
Volume claim templates.
Headless service
Installing MongoDB on Kubernetes using StatefulSets
Disaster recovery
Container storage interface
Chapter 7: Introduction to Service Discovery
What is service discovery?
Client-side discovery pattern
Server-side discovery pattern
Service registry
Registration patterns
Self-registration pattern
Third-party registration
Service discovery in Kubernetes
Service discovery using etcd
Service discovery in Kubernetes via Kubeproxy and DNS
Advance details
Endpoints
Manual service discovery
Cluster IP environment variables
Kubeproxy and cluster IPs
Chapter 8: Zero Trust Using Kubernetes
Kubernetes security challenges
Role-based access control (RBAC)
Identity
Role and role bindings
Managing RBAC
Aggregating cluster roles
User groups for bindings
Introduction to Zero Trust Architecture
Recommendations for Kubernetes Pod security
Recommendations for Kubernetes network security
Recommendations for authentication and authorization
Recommendations for auditing and threat detection
Recommendation for application security practices
Zero trust in Kubernetes
Identity-based service to service accesses and communication
Include secret and certificate management and hardened Kubernetes encryption
Enable observability with audits and logging
Chapter 9: Monitoring, Logging and Observability
Kubernetes observability deep dive
Selecting metrics for SLIs
Setting SLO
Tracking error budgets
Creating alerts.
Probes and uptime checks
Pillars of Kubernetes observability
Challenges in observability
Exploring metrics using Prometheus and Grafana
Installing Prometheus and Grafana
Pushing custom metrics to Prometheus
Creating dashboard on the metrics using Grafana
Logging and tracing
Logging using Fluentd
Tracing with Open Telemetry using Jae
Defining a typical SRE process
Responsibilities of SRE
Incident management
Playbook maintenance
Drills
Selecting monitoring, metrics and visualization tools
Chapter 10: Effective Scaling
Needs of scaling microservices individually
Principles of scaling
Challenges of scaling
Introduction to auto scaling
Types of scaling in K8s
Horizontal pod scaling
Vertical pod scaling
Cluster autoscaling
Standard metric scaling
Custom Metric scaling
Best practices of scaling
Chapter 11: Introduction to Service Mesh and Istio
Why do you need a Service Mesh?
Service discovery
Load balancing the traffic
Monitoring the traffic between services
Collecting metrics
Recovering from failure
What is a Service Mesh?
What is Istio?
Istio architecture
Data plane
Control plane
Installing Istio
Installation using istioctl
Cost of using a Service Mesh
Data plane performance and resource consumption
Control plane performance and resource consumption
Customizing the Istio setup
Chapter 12: Traffic Management Using Istio
Traffic management via gateways
Virtual service and destination rule.
Controlling Ingress and Egress traffic
Shifting traffic between versions
Injecting faults for testing
Timeouts and retries
Circuit breaking
Chapter 13: Observability Using Istio
Understanding the telemetry flow
Sample application and proxy logs
Visualizing Service Mesh with Kiali
Querying Istio Metrics with Prometheus
Monitoring dashboards with Grafana
Distributed tracing
Chapter 14: Securing Your Services Using Istio
Identity Management with Istio
Identity verification in TLS
Certificate generation process in Istio
Authentication with Istio
Mutual TLS authentication
Secure naming
Peer authentication with a sample application
Authorization with Istio
Service authorization
End user authorization
Security architecture of Istio
Index
Back title.
Notes:
Includes index.
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9789355518675
9355518676
9789355518682
9355518684
