Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kubernetes – An Enterprise Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
Kubernetes – An Enterprise Guide

Kubernetes – An Enterprise Guide

By : Marc Boorshtein, Scott Surovich
4.8 (13)
Buy this Book
close
close
Kubernetes – An Enterprise Guide

Kubernetes – An Enterprise Guide

4.8 (13)
By: Marc Boorshtein, Scott Surovich
Buy this Book

Overview of this book

Stay at the forefront of cloud-native technologies with the eagerly awaited Kubernetes – An Enterprise Guide, Third Edition. Delve deep into Kubernetes and emerge with the latest insights to conquer today's dynamic enterprise challenges. This meticulously crafted edition equips you with the latest insights to skillfully navigate the twists and turns of ever-evolving cloud technology. Experience a more profound exploration of advanced Kubernetes deployments, revolutionary techniques, and expert strategies that redefine your cloud-native skill set. Discover cutting-edge topics reshaping the technological frontier like virtual clusters, container security, and secrets management. Gain an edge by mastering these critical aspects of Kubernetes and propelling your enterprise to new heights. Expertly harness Kubernetes' power for business-critical applications with insider techniques. Smoothly transition to microservices with Istio, excel at modern deployments with GitOps/CI/CD, and bolster security with OPA/Gatekeeper and KubeArmor. Integrate Kubernetes with leading tools for maximum impact in a competitive landscape. Stay ahead of the technology curve with cutting-edge strategies for innovation and growth. Redefine cloud-native excellence with this definitive guide to leveraging Kubernetes.
Table of Contents (22 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Docker and Container Essentials
Docker and Container Essentials
Technical requirements
Understanding the need for containerization
Understanding why Kubernetes removed Docker
Understanding Docker
Installing Docker
Using the Docker CLI
Summary
Questions
Join our book’s Discord space
2
Deploying Kubernetes Using KinD
Deploying Kubernetes Using KinD
Technical requirements
Introducing Kubernetes components and objects
Using development clusters
Installing KinD
Creating a KinD cluster
Reviewing your KinD cluster
Adding a custom load balancer for Ingress
Summary
Questions
3
Kubernetes Bootcamp
Kubernetes Bootcamp
Technical requirements
An overview of Kubernetes components
Exploring the control plane
Understanding the worker node components
Interacting with the API server
Introducing Kubernetes resources
Summary
Questions
Join our book’s Discord space
4
Services, Load Balancing, and Network Policies
Services, Load Balancing, and Network Policies
Technical requirements
Exposing workloads to requests
Introduction to load balancers
Layer 7 load balancers
Layer 4 load balancers
Introducing Network Policies
Summary
Questions
5
External DNS and Global Load Balancing
External DNS and Global Load Balancing
Technical requirements
Making service names available externally
Exposing CoreDNS to external requests
Load balancing between multiple clusters
Summary
Questions
Join our book’s Discord space
6
Integrating Authentication into Your Cluster
Integrating Authentication into Your Cluster
Technical requirements
Getting Help
Understanding how Kubernetes knows who you are
Understanding OpenID Connect
Configuring KinD for OpenID Connect
Introducing impersonation to integrate authentication with cloud-managed clusters
Configuring your cluster for impersonation
Authenticating from pipelines
Summary
Questions
Answers
7
RBAC Policies and Auditing
RBAC Policies and Auditing
Technical requirements
Introduction to RBAC
Mapping enterprise identities to Kubernetes to authorize access to resources
Implementing namespace multi-tenancy
Kubernetes auditing
Using audit2rbac to debug policies
Summary
Questions
Answers
Join our book’s Discord space
8
Managing Secrets
Managing Secrets
Technical Requirements
Getting Help
Examining the difference between Secrets and Configuration Data
Understanding Secrets Managers
Integrating Secrets into Your Deployments
Summary
Questions
Answers
9
Building Multitenant Clusters with vClusters
Building Multitenant Clusters with vClusters
Technical requirements
Getting Help
The Benefits and Challenges of Multitenancy
Using vClusters for Tenants
Building a Multitenant Cluster with Self Service
Summary
Questions
Answers
Join our book’s Discord space
10
Deploying a Secured Kubernetes Dashboard
Deploying a Secured Kubernetes Dashboard
Technical requirements
How does the dashboard know who you are?
Understanding dashboard security risks
Deploying the dashboard with a reverse proxy
Integrating the dashboard with OpenUnison
What’s changed in the Kubernetes Dashboard 7.0
Summary
Questions
Answers
11
Extending Security Using Open Policy Agent
Extending Security Using Open Policy Agent
Technical requirements
Introduction to dynamic admission controllers
What is OPA and how does it work?
Using Rego to write policies
Enforcing Ingress policies
Mutating objects and default values
Creating policies without Rego
Summary
Questions
Answers
Join our book’s Discord space
12
Node Security with Gatekeeper
Node Security with Gatekeeper
Technical requirements
What is node security?
Enforcing node security with Gatekeeper
Using Pod Security Standards to enforce Node Security
Summary
Questions
Answers
13
KubeArmor Securing Your Runtime
chevron up
KubeArmor Securing Your Runtime
Technical requirements
What is runtime security?
Introducing KubeArmor
Deploying KubeArmor
Enabling KubeArmor logging
KubeArmor and LSM policies
Creating a KubeArmorSecurityPolicy
Using karmor to interact with KubeArmor
Summary
Questions
Answers
Join our book’s Discord space
14
Backing Up Workloads
Backing Up Workloads
Technical requirements
Understanding Kubernetes backups
Performing an etcd backup
Introducing and setting up VMware’s Velero
Using Velero to back up workloads and PVCs
Managing Velero using the CLI
Restoring from a backup
Summary
Questions
Answers
15
Monitoring Clusters and Workloads
Monitoring Clusters and Workloads
Technical Requirements
Managing Metrics in Kubernetes
How Kubernetes Provides Metrics
Deploying the Prometheus Stack
Log Management in Kubernetes
Summary
Questions
Answers
Join our book’s Discord space
16
An Introduction to Istio
An Introduction to Istio
Technical requirements
Understanding the Control Plane and Data Plane
Why should you care about a Service mesh?
Introduction to Istio concepts
Installing Istio
Introducing Istio resources
Deploying add-on components to provide observability
Deploying an application into the Service mesh
The future: Ambient mesh
Summary
Questions
Answers
17
Building and Deploying Applications on Istio
Building and Deploying Applications on Istio
Technical requirements
Comparing microservices and monoliths
Deploying a monolith
Building a microservice
Do I need an API gateway?
Summary
Questions
Join our book’s Discord space
18
Provisioning a Multitenant Platform
Provisioning a Multitenant Platform
Technical requirements
Designing a pipeline
Designing our platform architecture
Using Infrastructure as Code for deployment
Automating tenant onboarding
Considerations for building an Internal Developer Platform
Summary
Questions
Answers
19
Building a Developer Portal
Building a Developer Portal
Technical Requirements
Deploying our IDP
Onboarding a Tenant
Deploying an Application
Adding Users to a Tenant
Expanding Our Platform
Summary
Questions
Answers
Join our book’s Discord space
20
Other Books You May Enjoy
Other Books You May Enjoy
Share your thohughts
21
Index
Index

Creating a KubeArmorSecurityPolicy

It’s time to create some policies! When KubeArmor is deployed, it creates three Custom Resource Definitions and one of those is kubearmorpolicies.security.kubearmor.com, which is used to create new policy resources.

Let’s jump right into an example policy. You do not need to deploy this to your cluster; it’s being used to show an example policy.

If we want to block any attempted access to create a file in the /bin directory of our containers in the demo namespace, the format of this policy is shown below:

apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: block-write-bin
  namespace: demo
spec:
  action: Block
  file:
    matchDirectories:
    - dir: /bin/
      readOnly: true
      recursive: true
  message: Alert! An attempt to write to the /bin directory denied.

Breaking down this policy, we can see that it’s using the security.kubearmor.com/v1 API and it’s a KubeArmorPolicy...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 8
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY