Book Image

Kubernetes – An Enterprise Guide - Second Edition

By : Marc Boorshtein, Scott Surovich
Book Image

Kubernetes – An Enterprise Guide - Second Edition

By: Marc Boorshtein, Scott Surovich

Overview of this book

Kubernetes has taken the world by storm, becoming the standard infrastructure for DevOps teams to develop, test, and run applications. With significant updates in each chapter, this revised edition will help you acquire the knowledge and tools required to integrate Kubernetes clusters in an enterprise environment. The book introduces you to Docker and Kubernetes fundamentals, including a review of basic Kubernetes objects. You’ll get to grips with containerization and understand its core functionalities such as creating ephemeral multinode clusters using KinD. The book has replaced PodSecurityPolicies (PSP) with OPA/Gatekeeper for PSP-like enforcement. You’ll integrate your container into a cloud platform and tools including MetalLB, externalDNS, OpenID connect (OIDC), Open Policy Agent (OPA), Falco, and Velero. After learning to deploy your core cluster, you’ll learn how to deploy Istio and how to deploy both monolithic applications and microservices into your service mesh. Finally, you will discover how to deploy an entire GitOps platform to Kubernetes using continuous integration and continuous delivery (CI/CD).

Related Content you might be interested in

Current Title:

Small book image
Kubernetes – An Enterprise Guide - Second Edition
Marc Boorshtein | Scott Surovich
Dec, 2021 | 578 pages
Small book image
Cloud Native with Kubernetes
Alexander Raul
Jan, 2021 | 446 pages
Small book image
Certified Kubernetes Administrator (CKA) Exam Guide
Meacutelony Qin
Nov, 2022 | 322 pages
Small book image
The Kubernetes Bible
Nassim Kebbani | Russ McKendrick | Piotr Tylenda
Feb, 2022 | 680 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Docker and Container Essentials
Docker and Container Essentials
Technical requirements
Understanding the need for containerization
Understanding Docker
Installing Docker
Using the Docker CLI
Summary
Questions
2
Deploying Kubernetes Using KinD
Deploying Kubernetes Using KinD
Technical requirements
Introducing Kubernetes components and objects
Using development clusters
Installing KinD
Creating a KinD cluster
Reviewing your KinD cluster
Adding a custom load balancer for Ingress
Summary
Questions
3
Kubernetes Bootcamp
Kubernetes Bootcamp
Technical requirements
An overview of Kubernetes components
Exploring the control plane
Understanding the worker node components
Interacting with the API server
Introducing Kubernetes resources
Summary
Questions
4
Services, Load Balancing, ExternalDNS, and Global Balancing
Services, Load Balancing, ExternalDNS, and Global Balancing
Technical requirements
Exposing workloads to requests
Introduction to load balancers
Layer 7 load balancers
Layer 4 load balancers
Enhancing load balancers for the enterprise
Making service names available externally
Load balancing between multiple clusters
Summary
Questions
5
Integrating Authentication into Your Cluster
Integrating Authentication into Your Cluster
Technical requirements
Understanding how Kubernetes knows who you are
Understanding OpenID Connect
Configuring KinD for OpenID Connect
Introducing impersonation to integrate authentication with cloud-managed clusters
Configuring your cluster for impersonation
Configuring Impersonation without OpenUnison
Authenticating from pipelines
Summary
Questions
6
RBAC Policies and Auditing
RBAC Policies and Auditing
Technical requirements
Introduction to RBAC
What's a Role?
Mapping enterprise identities to Kubernetes to authorize access to resources
Implementing namespace multi-tenancy
Kubernetes auditing
Using audit2rbac to debug policies
Summary
Questions
7
Deploying a Secured Kubernetes Dashboard
Deploying a Secured Kubernetes Dashboard
Technical requirements
How does the dashboard know who you are?
Understanding dashboard security risks
Deploying the dashboard with a reverse proxy
Integrating the dashboard with OpenUnison
Summary
Questions
8
Extending Security Using Open Policy Agent
Extending Security Using Open Policy Agent
Technical requirements
Introduction to dynamic admission controllers
What is OPA and how does it work?
Using Rego to write policies
Enforcing memory constraints
Mutating objects and default values
Summary
Questions
9
Node Security with GateKeeper
Node Security with GateKeeper
Technical requirements
What is node security?
Enforcing node security with GateKeeper
Summary
Questions
10
Auditing Using Falco, DevOps AI, and ECK
Auditing Using Falco, DevOps AI, and ECK
Technical requirements
Exploring auditing
Introducing Falco
Exploring Falco's configuration files
Deploying Falco
Introducing DevOPs AI
Summary
Questions
11
Backing Up Workloads
Backing Up Workloads
Technical requirements
Understanding Kubernetes backups
Performing an etcd backup
Introducing and setting up VMware's Velero
Using Velero to back up workloads
Managing Velero using the CLI
Restoring from a backup
Summary
Questions
12
An Introduction to Istio
An Introduction to Istio
Technical requirements
Why should you care about a service mesh?
Introduction to Istio concepts
Understanding the Istio components
Installing Istio
Introducing Istio resources
Deploying add-on components to provide observability
Deploying an application into the service mesh
Summary
Questions
13
Building and Deploying Applications on Istio
Building and Deploying Applications on Istio
Technical requirements
Comparing microservices and monoliths
Deploying a monolith
Building a microservice
Do I need an API gateway?
Summary
Questions
14
Provisioning a Platform
Provisioning a Platform
Technical requirements
Designing a pipeline
Preparing our cluster
Deploying GitLab
Deploying Tekton
Deploying ArgoCD
Automating project onboarding using OpenUnison
Deploying an application
Summary
Questions
15
Other Books You May Enjoy
Other Books You May Enjoy
16
Index
Index

Summary

This chapter's focus was on RBAC policy creation and debugging. We explored how Kubernetes defines authorization policies and how it applies those policies to enterprise users. We also looked at how these policies can be used to enable multi-tenancy in your cluster. Finally, we enabled the audit log in our KinD cluster and learned how to use the audit2rbac tool to debug RBAC issues.

Using Kubernetes' built-in RBAC policy management objects lets you enable access that's needed for operational and development tasks in your clusters. Knowing how to design policies can help limit the impact of issues, providing the confidence to let users do more on their own.

In the next chapter, Chapter 7, Deploying a Secured Kubernetes Dashboard, we'll be learning about how to secure the Kubernetes dashboard, as well as how to approach security for other infrastructure applications that make up your cluster. You'll learn how to apply what we've learned...

Previous Section
End of Section 9
Next Section