Kubernetes – An Enterprise Guide
By: Marc Boorshtein, Scott Surovich

Overview of this book

Stay at the forefront of cloud-native technologies with Kubernetes – An Enterprise Guide, Third Edition. This edition equips you with the latest insights to navigate the twists and turns of ever-evolving cloud technology. It offers a deeper exploration of advanced Kubernetes deployments, techniques, and expert strategies that extend your cloud-native skill set, covering topics that are reshaping the field, such as virtual clusters, container security, and secrets management. You will learn how to harness Kubernetes for business-critical applications, transition to microservices with Istio, handle modern deployments with GitOps and CI/CD, and strengthen security with OPA/Gatekeeper and KubeArmor, integrating Kubernetes with leading tools along the way.
What this book covers

Chapter 1, Docker and Container Essentials, covers the problems Docker and Kubernetes address for developers. You will be introduced to Docker, including the Docker daemon, data, installation, and using the Docker CLI.

Chapter 2, Deploying Kubernetes Using KinD, helps with creating development clusters using KinD, a powerful tool that allows you to create clusters ranging from a single-node cluster to a full multi-node cluster. The chapter goes beyond a basic KinD cluster, explaining how to use a load balancer running HAProxy to load-balance worker nodes. By the end of the chapter, you will understand how KinD works and how to create a custom multi-node cluster, which will be used for the exercises in the chapters.

Chapter 3, Kubernetes Bootcamp, provides a refresher on Kubernetes. It covers most of the objects a cluster includes, which will be helpful if you are new to Kubernetes, describing what each object does and its function in a cluster. It is meant to be a refresher, or a “pocket guide” to objects, and does not contain exhaustive details for each object (that would require a second book).

Chapter 4, Services, Load Balancing, and Network Policies, explains how to expose a Kubernetes Deployment using services. Each service type is explained with examples, and you will learn how to expose them using both layer 7 and layer 4 load balancers. You will go beyond a simple Ingress controller by installing MetalLB to provide layer 4 access to services. Finally, you will learn how to provide fine-grained control over the communication between pods using Kubernetes network policies, enhancing security and compliance within your cluster.

Chapter 5, External DNS and Global Load Balancing, introduces two add-ons that benefit enterprise clusters. You will install external-dns, an incubator project, to provide dynamic name resolution for the services exposed by MetalLB, and you will add a global load balancer to your cluster using K8GB, a project that provides native Kubernetes global load balancing.

Chapter 6, Integrating Authentication into Your Cluster, answers the question, “Once your cluster is built, how will users access it?” In this chapter, we’ll detail how OpenID Connect works and why you should use it to access your cluster. You’ll also learn how to authenticate your pipelines, and finally, we’ll cover several anti-patterns that should be avoided and explain why.

Chapter 7, RBAC Policies and Auditing, explains that once users have access to a cluster, you need to know how to limit their access. Whether you are providing an entire cluster to your users or just a namespace, you’ll need to know how Kubernetes authorizes access via its role-based access control (RBAC) system. In this chapter, we’ll detail how to design RBAC policies, how to debug them, and different strategies for multi-tenancy.
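
A namespace-scoped grant is the basic building block of the multi-tenancy strategies this chapter describes. The manifests below are an added example, not code from the book or its authors; the namespace `team-a` and the group name `team-a-devs` (assumed to arrive as a group claim from the OIDC provider configured in Chapter 6) are illustrative assumptions.

```yaml
# Added example (not from the book): a namespace-scoped developer Role and the
# RoleBinding that grants it to an OIDC group.
# Assumed: namespace "team-a", OIDC group claim "team-a-devs".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-developer
  namespace: team-a
rules:
- apiGroups: [""]                       # "" is the core API group
  resources: ["pods", "pods/log", "services", "configmaps"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Deliberately absent from this Role:
#   - "secrets": developers read secret values through the workload, not kubectl
#   - "pods/exec" and "pods/portforward": an interactive shell in a pod is a
#     lateral-movement foothold and should be a separate, audited grant
#   - any "*" wildcard in resources or verbs, which silently widens as new
#     resource types are added to the API group
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-developer-team-a
  namespace: team-a
subjects:
- kind: Group
  name: team-a-devs                     # group name as delivered by the OIDC provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role                            # binding a Role (not a ClusterRole) keeps the grant inside team-a
  name: app-developer
  apiGroup: rbac.authorization.k8s.io
```

To debug the result without logging in as the user, impersonate them from an account that has impersonation rights: `kubectl auth can-i get pods -n team-a --as=alice --as-group=team-a-devs` should answer `yes`, `kubectl auth can-i get secrets -n team-a --as=alice --as-group=team-a-devs` should answer `no`, and `kubectl auth can-i --list -n team-a --as=alice --as-group=team-a-devs` shows the full effective permission set, which is the quickest way to spot an unintended ClusterRoleBinding leaking cluster-wide rights into the namespace.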

Chapter 8, Managing Secrets, focuses on one of the hardest problems to get right in the Kubernetes world: how to manage secret data. First, we’ll look at the challenges of managing Secrets in Kubernetes. Then we’ll learn about HashiCorp’s Vault for secret management. Finally, we’ll integrate our clusters with Vault using both the Vault sidecar and the popular External Secrets Operator.

Chapter 9, Building Multitenant Clusters with vClusters, moves out of a single cluster toward breaking up clusters into tenants using the vCluster project from Loft. You’ll learn how vClusters work, how they interact with host clusters, how to securely access them, and how to automate their rollout for your tenants. We’ll also build off what we learned in Chapter 8 to integrate managed Secrets into our vClusters too!

Chapter 10, Deploying a Secured Kubernetes Dashboard, covers Kubernetes Dashboard, which is often the first thing users try to launch once a cluster is up and running. There’s quite a bit of mythology around its security (or lack thereof). Your cluster will host other web applications too, such as network dashboards, logging systems, and monitoring dashboards. This chapter looks at how the dashboard is architected, how to properly secure it, and examples of how not to deploy it, with details as to why.

Chapter 11, Extending Security Using Open Policy Agent, provides the guidance you need to deploy Open Policy Agent and Gatekeeper to enable policies that can’t be implemented using RBAC. We’ll cover how to deploy Gatekeeper, how to write policies in Rego, and how to test your policies using OPA’s built-in testing framework.

Chapter 12, Node Security with Gatekeeper, deals with the security of the nodes that run your pods. We will discuss how to securely design your containers so they are harder to abuse and how to build policies using Gatekeeper that prevent your containers from accessing resources they don’t need.

Chapter 13, KubeArmor Securing Your Runtime, starts from the premise that security is everyone’s job, and that providing tools to address attack vectors is key to running a secure and resilient cluster. In this chapter, you will learn how to secure your container runtime using KubeArmor, a CNCF project that provides an easy way to lock down containers with easy-to-understand policies.

Chapter 14, Backing Up Workloads, explains how to create a backup of your cluster workloads for disaster recovery or cluster migrations, using Velero. You will work hands-on to create an S3-compatible storage location using MinIO to create a backup of example workloads and persistent storage. You will then restore the backup to a brand-new cluster to simulate a cluster migration.

Chapter 15, Monitoring Clusters and Workloads, explores how to assess the health of your cluster using Prometheus and OpenSearch. You’ll start by understanding how Kubernetes and Prometheus handle metrics, then deploy the Prometheus stack with Alertmanager and Grafana. You’ll learn how to secure the stack and how to extend it to monitor additional workloads. After monitoring, we move on to log aggregation with OpenSearch. We’ll start by exploring how logging in Kubernetes works, move on to integrating OpenSearch, and wrap up by securing access to OpenSearch with OpenUnison.

Chapter 16, An Introduction to Istio, explains that many enterprises use a service mesh to provide advanced features such as security, traffic routing, authentication, tracing, and observability to a cluster. This chapter will introduce you to Istio, a popular open-source mesh, and its architecture, along with the most commonly used resources it provides. You will deploy Istio to your KinD cluster with an example application and learn how to observe the behavior of an application using an observability tool called Kiali.

Chapter 17, Building and Deploying Applications on Istio, acknowledges that once you’ve deployed Istio, you’ll want to develop and deploy applications that use it! This chapter starts with a walk-through of the differences between monoliths and microservices and how they’re deployed. Next, we’ll step through building a microservice to run in Istio and get into advanced topics like authentication, authorization, and service-to-service authentication for your services. You will also learn how to secure Kiali access by leveraging existing roles in Kubernetes using an OIDC provider and JSON Web Tokens. You’ll also learn how to secure Istio services using JWTs, along with how to use token exchanges to gain access to different services, securely moving from one service to another. Finally, we’ll use OPA to create a custom authorization rule and configure it with Istio.

Chapter 18, Provisioning a Multitenant Platform, explores how to build pipelines, how to automate their creation, and how they relate to GitOps. We’ll explore how the objects that drive pipelines relate to each other, how to build relationships between systems, and finally, how to design a self-service workflow for automating the deployment of pipelines.

Chapter 19, Building a Developer Portal, builds on our designs in Chapter 18 to build out a multitenant platform with many of the tools we used throughout this book. We’ll start by talking about building a lab to run our multitenant cluster in. Next, we’ll roll out Kubernetes to three clusters and integrate them with GitLab, Vault, Argo CD, Harbor, and OpenUnison. Finally, we’ll walk through onboarding a new vCluster-based tenant using OpenUnison’s self-service portal.
