
Kubernetes - an Enterprise Guide : Master Containerized Application Deployments, Integrate Enterprise Systems, and Achieve Scalability / Marc Boorshtein, Scott Surovich, and Ed Price.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Boorshtein, Marc, author.
Surovich, Scott, author.
Price, Ed, author.
Series:
Expert insight.
Language:
English
Subjects (All):
Kubernetes.
Application software--Development--Computer programs.
Application software.
Application program interfaces (Computer software).
Open source software.
Physical Description:
1 online resource (683 pages)
Edition:
Third edition.
Place of Publication:
Birmingham, England : Packt Publishing Ltd., [2024]
Biography/History:
Boorshtein Marc: Marc Boorshtein has been a software engineer and consultant for 20 years and is currently the CTO (Chief Technology Officer) of Tremolo Security, Inc. Marc has spent most of his career building identity management solutions for large enterprises, U.S. Government civilian agencies, and local government public safety systems. Surovich Scott: Scott Surovich has been involved in the industry for over 25 years and is currently the Global Container Engineering Lead at a tier 1 bank as the Global on-premises Kubernetes product owner architecting and delivering cluster standards, including the surrounding ecosystem. His previous roles include working on other global engineering teams, including Windows, Linux, and virtualization.
Summary:
Stay at the forefront of cloud-native technologies with the eagerly awaited Kubernetes – An Enterprise Guide, Third Edition. Delve deep into Kubernetes and emerge with the latest insights to conquer today's dynamic enterprise challenges. This meticulously crafted edition equips you with the latest insights to skillfully navigate the twists and turns of ever-evolving cloud technology. Experience a more profound exploration of advanced Kubernetes deployments, revolutionary techniques, and expert strategies that redefine your cloud-native skill set. Discover cutting-edge topics reshaping the technological frontier like virtual clusters, container security, and secrets management. Gain an edge by mastering these critical aspects of Kubernetes and propelling your enterprise to new heights. Expertly harness Kubernetes' power for business-critical applications with insider techniques. Smoothly transition to microservices with Istio, excel at modern deployments with GitOps/CI/CD, and bolster security with OPA/Gatekeeper and KubeArmor. Integrate Kubernetes with leading tools for maximum impact in a competitive landscape. Stay ahead of the technology curve with cutting-edge strategies for innovation and growth. Redefine cloud-native excellence with this definitive guide to leveraging Kubernetes.
Contents:
Cover
Copyright
Foreword
Contributors
Table of Contents
Preface
Chapter 1: Docker and Container Essentials
Technical requirements
Understanding the need for containerization
Understanding why Kubernetes removed Docker
Introducing Docker
Docker versus Moby
Understanding Docker
Containers are ephemeral
Docker images
Image layers
Persistent data
Accessing services running in containers
Installing Docker
Preparing to install Docker
Installing Docker on Ubuntu
Granting Docker permissions
Using the Docker CLI
docker help
docker run
docker ps
docker start and stop
docker attach
docker exec
docker logs
docker rm
docker pull/run
docker build
Summary
Questions
Chapter 2: Deploying Kubernetes Using KinD
Introducing Kubernetes components and objects
Interacting with a cluster
Using development clusters
Why did we select KinD for this book?
Working with a basic KinD Kubernetes cluster
Understanding the node image
KinD and Docker networking
Keeping track of the nesting dolls
Installing KinD
Installing KinD - prerequisites
Installing kubectl
Installing the KinD binary
Creating a KinD cluster
Creating a simple cluster
Deleting a cluster
Creating a cluster config file
Multi-node cluster configuration
Customizing the control plane and Kubelet options
Creating a custom KinD cluster
Reviewing your KinD cluster
KinD storage objects
Storage drivers
KinD storage classes
Using KinD's Storage Provisioner
Adding a custom load balancer for Ingress
Creating the KinD cluster configuration
The HAProxy configuration file
Understanding HAProxy traffic flow
Simulating a kubelet failure
Chapter 3: Kubernetes Bootcamp
Technical requirements
An overview of Kubernetes components
Exploring the control plane
The Kubernetes API server
The etcd database
kube-scheduler
kube-controller-manager
cloud-controller-manager
Understanding the worker node components
kubelet
kube-proxy
Container runtime
Interacting with the API server
Using the Kubernetes kubectl utility
Understanding the verbose option
General kubectl commands
Introducing Kubernetes resources
Kubernetes manifests
What are Kubernetes resources?
Reviewing Kubernetes resources
Apiservices
CertificateSigningRequests
ClusterRoles
ClusterRoleBindings
ComponentStatus
ConfigMaps
ControllerRevisions
CronJobs
CSI drivers
CSI nodes
CSIStorageCapacities
CustomResourceDefinitions
DaemonSets
Deployments
Endpoints
EndPointSlices
Events
FlowSchemas
HorizontalPodAutoscalers
IngressClasses
Ingress
Jobs
LimitRanges
LocalSubjectAccessReview
MutatingWebhookConfiguration
Namespaces
NetworkPolicies
Nodes
PersistentVolumeClaims
PersistentVolumes
PodDisruptionBudgets
Pods
PodTemplates
PriorityClasses
PriorityLevelConfigurations
ReplicaSets
Replication controllers
ResourceQuotas
RoleBindings
Roles
RuntimeClasses
Secrets
SelfSubjectAccessReviews
SelfSubjectRulesReviews
Service accounts
Services
StatefulSets
Storage classes
SubjectAccessReviews
TokenReviews
ValidatingWebhookConfigurations
VolumeAttachments
Chapter 4: Services, Load Balancing, and Network Policies
Exposing workloads to requests
Understanding how Services work
Creating a Service
Using DNS to resolve services
Understanding different service types
The ClusterIP service
The NodePort service
The LoadBalancer service
The ExternalName service
Introduction to load balancers
Understanding the OSI model
Layer 7 load balancers
Name resolution and layer 7 load balancers
Using nip.io for name resolution
Creating Ingress rules
Resolving Names in Ingress Controllers
Using Ingress Controllers for non-HTTP traffic
Layer 4 load balancers
Layer 4 load balancer options
Using MetalLB as a layer 4 load balancer
Installing MetalLB
Understanding MetalLB's custom resources
MetalLB components
Creating a LoadBalancer service
Advanced pool configurations
Disabling automatic address assignments
Assigning a static IP address to a service
Using multiple address pools
IP pool scoping
Handling buggy networks
Using multiple protocols
Introducing Network Policies
Network policy object overview
The podSelector
The policyTypes
Creating a Network Policy
Tools to create network policies
Chapter 5: External DNS and Global Load Balancing
Making service names available externally
Setting up ExternalDNS
Integrating ExternalDNS and CoreDNS
Adding an ETCD zone to CoreDNS
ExternalDNS configuration options
Creating a LoadBalancer service with ExternalDNS integration
Integrating CoreDNS with an enterprise DNS server
Exposing CoreDNS to external requests
Configuring the primary DNS server
Testing DNS forwarding to CoreDNS
Load balancing between multiple clusters
Introducing the Kubernetes Global Balancer
Requirements for K8GB
Deploying K8GB to a cluster
Understanding K8GB load balancing options
Customizing the Helm chart values
Using Helm to install K8GB
Delegating our load balancing zone
Deploying a highly available application using K8GB
Adding an application to K8GB using custom resources
Adding an application to K8GB using Ingress annotations
Understanding how K8GB provides global load balancing
Keeping the K8GB CoreDNS servers in sync
Chapter 6: Integrating Authentication into Your Cluster
Getting Help
Understanding how Kubernetes knows who you are
External users
Groups in Kubernetes
Understanding OpenID Connect
The OpenID Connect protocol
Following OIDC and the API's interaction
id_token
Other authentication options
Certificates
TokenRequest API
Custom authentication webhooks
Configuring KinD for OpenID Connect
Addressing the requirements
Using LDAP and Active Directory with Kubernetes
Mapping Active Directory groups to RBAC RoleBindings
Kubernetes Dashboard access
Kubernetes CLI access
Enterprise compliance requirements
Pulling it all together
Deploying OpenUnison
Configuring the Kubernetes API to use OIDC
Verifying OIDC integration
Using your tokens with kubectl
Introducing impersonation to integrate authentication with cloud-managed clusters
What is Impersonation?
Security considerations
Configuring your cluster for impersonation
Testing Impersonation
Using Impersonation for Debugging
Configuring Impersonation without OpenUnison
Impersonation RBAC policies
Default groups
Inbound Impersonation
Privileged Access to Clusters
Using a Privileged User Account
Impersonating a Privileged User
Temporarily Authorizing Privilege
Authenticating from pipelines
Using tokens
Using certificates
Using a pipeline's identity
Avoiding anti-patterns
Answers
Chapter 7: RBAC Policies and Auditing
Technical requirements
Introduction to RBAC
What's a Role?
Identifying a Role
Roles versus ClusterRoles
Negative Roles
Aggregated ClusterRoles
RoleBindings and ClusterRoleBindings
Combining ClusterRoles and RoleBindings
Mapping enterprise identities to Kubernetes to authorize access to resources
Implementing namespace multi-tenancy
Kubernetes auditing
Creating an audit policy
Enabling auditing on a cluster
Using audit2rbac to debug policies
Chapter 8: Managing Secrets
Technical Requirements
Examining the difference between Secrets and Configuration Data
Managing Secrets in an Enterprise
Threats to Secrets at Rest
Threats to Secrets in Transit
Protecting Secrets in Your Applications
Understanding Secrets Managers
Storing Secrets as Secret Objects
Sealed Secrets
External Secrets Managers
Using a Hybrid of External Secrets Management and Secret Objects
Integrating Secrets into Your Deployments
Volume Mounts
Using Kubernetes Secrets
Using Vault's Sidecar Injector
Environment Variables
Using the Vault Sidecar
Using the Kubernetes Secrets API
Using the Vault API
Chapter 9: Building Multitenant Clusters with vClusters
The Benefits and Challenges of Multitenancy
Exploring the Benefits of Multitenancy
The Challenges of Multitenant Kubernetes
Using vClusters for Tenants
Deploying vClusters
Securely Accessing vClusters
Accessing External Services from a vCluster
Creating and Operating High-Availability vClusters
Understanding vCluster High Availability
Upgrading vClusters
Building a Multitenant Cluster with Self Service
Analyzing Requirements
Designing the Multitenant Platform
Deploying Our Multitenant Platform
Notes:
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9781835081754
1835081754
OCLC:
1455284353
