Book Image

Mastering Kubernetes - Fourth Edition

By : Gigi Sayfan
3.3 (3)
Book Image

Mastering Kubernetes - Fourth Edition

3.3 (3)
By: Gigi Sayfan

Overview of this book

The fourth edition of the bestseller Mastering Kubernetes includes the most recent tools and code to enable you to learn the latest features of Kubernetes 1.25. This book contains a thorough exploration of complex concepts and best practices to help you master the skills of designing and deploying large-scale distributed systems on Kubernetes clusters. You’ll learn how to run complex stateless and stateful microservices on Kubernetes, including advanced features such as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage backends. In addition, you’ll understand how to utilize serverless computing and service meshes. Further, two new chapters have been added. “Governing Kubernetes” covers the problem of policy management, how admission control addresses it, and how policy engines provide a powerful governance solution. “Running Kubernetes in Production” shows you what it takes to run Kubernetes at scale across multiple cloud providers, multiple geographical regions, and multiple clusters, and it also explains how to handle topics such as upgrades, capacity planning, dealing with cloud provider limits/quotas, and cost management. By the end of this Kubernetes book, you’ll have a strong understanding of, and hands-on experience with, a wide range of Kubernetes capabilities.

Related Content you might be interested in

Current Title:

Small book image
Mastering Kubernetes - Fourth Edition
Gigi Sayfan
Jun, 2023 | 746 pages
Small book image
Hands-On Microservices with Kubernetes
Gigi Sayfan
Jul, 2019 | 502 pages
Small book image
Becoming KCNA Certified
Dmitry Galkin
Feb, 2023 | 306 pages
Small book image
Cloud Native with Kubernetes
Alexander Raul
Jan, 2021 | 446 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Understanding Kubernetes Architecture
Understanding Kubernetes Architecture
What is Kubernetes?
What Kubernetes is not
Understanding container orchestration
Kubernetes concepts
Diving into Kubernetes architecture in depth
Kubernetes container runtimes
Summary
Free Chapter
2
Creating Kubernetes Clusters
Creating Kubernetes Clusters
Getting ready for your first cluster
Creating a single-node cluster with Minikube
Creating a multi-node cluster with KinD
Creating a multi-node cluster with k3d
Comparing Minikube, KinD, and k3d
Creating clusters in the cloud (GCP, AWS, Azure, and Digital Ocean)
Creating a bare-metal cluster from scratch
Summary
3
High Availability and Reliability
High Availability and Reliability
High availability concepts
High availability best practices
High availability, scalability, and capacity planning
Large cluster performance, cost, and design trade-offs
Choosing and managing the cluster capacity
Pushing the envelope with Kubernetes
Testing Kubernetes at scale
Summary
4
Securing Kubernetes
Securing Kubernetes
Understanding Kubernetes security challenges
Hardening Kubernetes
Running a multi-tenant cluster
Summary
5
Using Kubernetes Resources in Practice
Using Kubernetes Resources in Practice
Designing the Hue platform
Using Kubernetes to build the Hue platform
Separating internal and external services
Advanced scheduling
Using namespaces to limit access
Using Kustomization for hierarchical cluster structures
Launching jobs
Mixing non-cluster components
Evolving the Hue platform with Kubernetes
Summary
6
Managing Storage
Managing Storage
Persistent volumes walk-through
Demonstrating persistent volume storage end to end
Public cloud storage volume types – GCE, AWS, and Azure
GlusterFS and Ceph volumes in Kubernetes
Integrating enterprise storage into Kubernetes
The Container Storage Interface
Summary
7
Running Stateful Applications with Kubernetes
Running Stateful Applications with Kubernetes
Stateful versus stateless applications in Kubernetes
Running a Cassandra cluster in Kubernetes
Summary
8
Deploying and Updating Applications
Deploying and Updating Applications
Live cluster updates
Horizontal pod autoscaling
Handling scarce resources with limits and quotas
Continuous integration and deployment
Provisioning infrastructure for your applications
Summary
9
Packaging Applications
Packaging Applications
Understanding Helm
Using Helm
Creating your own charts
Helm alternatives
Summary
10
Exploring Kubernetes Networking
Exploring Kubernetes Networking
Understanding the Kubernetes networking model
Kubernetes network plugins
Kubernetes and eBPF
Kubernetes networking solutions
Using network policies effectively
Load balancing options
Writing your own CNI plugin
Summary
11
Running Kubernetes on Multiple Clusters
Running Kubernetes on Multiple Clusters
Stretched Kubernetes clusters versus multi-cluster Kubernetes
The history of cluster federation in Kubernetes
Cluster API
Karmada
Clusternet
Clusterpedia
Open Cluster Management
Virtual Kubelet
Introducing the Gardener project
Summary
12
Serverless Computing on Kubernetes
Serverless Computing on Kubernetes
Understanding serverless computing
Serverless Kubernetes in the cloud
Knative
Kubernetes Function-as-a-Service frameworks
Summary
13
Monitoring Kubernetes Clusters
Monitoring Kubernetes Clusters
Understanding observability
Logging with Kubernetes
Collecting metrics with Kubernetes
Distributed tracing with Kubernetes
Troubleshooting problems
Summary
14
Utilizing Service Meshes
Utilizing Service Meshes
What is a service mesh?
Choosing a service mesh
Understanding the Istio architecture
Incorporating Istio into your Kubernetes cluster
Working with Istio
Summary
15
Extending Kubernetes
Extending Kubernetes
Working with the Kubernetes API
Extending the Kubernetes API
Writing Kubernetes plugins
Employing access control webhooks
Additional extension points
Summary
16
Governing Kubernetes
Governing Kubernetes
Kubernetes in the enterprise
What is Kubernetes governance?
Policy engines
Kyverno deep dive
Summary
17
Running Kubernetes in Production
Running Kubernetes in Production
Understanding Managed Kubernetes in the cloud
Managing multiple clusters
Building effective processes for large-scale Kubernetes deployments
Handling infrastructure at scale
Managing clusters and node pools
Bin packing and utilization
Upgrading Kubernetes
Troubleshooting
Cost management
Summary
18
The Future of Kubernetes
The Future of Kubernetes
The Kubernetes momentum
The rise of managed Kubernetes platforms
Upcoming trends
Kubernetes and AI
Kubernetes challenges
Summary
19
Other Books You May Enjoy
Other Books You May Enjoy
20
Index
Index

Employing access control webhooks

Kubernetes provides several ways for you to customize access control. In Kubernetes, access control can be denoted with triple-A: Authentication, Authorization, and Admission control. In early versions, access control happened through plugins that required Go programming, installing them into your cluster, registration, and other invasive procedures. Now, Kubernetes lets you customize authentication, authorization, and admission control via web hooks. Here is the access control workflow:

Figure 15.6: Access control workflow

Using an authentication webhook

Kubernetes lets you extend the authentication process by injecting a webhook for bearer tokens. It requires two pieces of information: how to access the remote authentication service and the duration of the authentication decision (it defaults to two minutes).

To provide this information and enable authentication webhooks, start the API server with the following command-line...

Previous Section
End of Section 5
Next Section