Book Image

The Complete Kubernetes Guide

By : Jonathan Baier, Gigi Sayfan, Jesse White
Book Image

The Complete Kubernetes Guide

By: Jonathan Baier, Gigi Sayfan, Jesse White

Overview of this book

If you are running a number of containers and want to be able to automate the way they’re managed, it can be helpful to have Kubernetes at your disposal. This Learning Path guides you through core Kubernetes constructs, such as pods, services, replica sets, replication controllers, and labels. You'll get started by learning how to integrate your build pipeline and deployments in a Kubernetes cluster. As you cover more chapters in the Learning Path, you'll get up to speed with orchestrating updates behind the scenes, avoiding downtime on your cluster, and dealing with underlying cloud provider instability in your cluster. With the help of real-world use cases, you'll also explore options for network configuration, and understand how to set up, operate, and troubleshoot various Kubernetes networking plugins. In addition to this, you'll gain insights into custom resource development and utilization in automation and maintenance workflows. By the end of this Learning Path, you'll have the expertise you need to progress from an intermediate to an advanced level of understanding Kubernetes. This Learning Path includes content from the following Packt products: • Getting Started with Kubernetes - Third Edition by Jonathan Baier and Jesse White • Mastering Kubernetes - Second Edition by Gigi Sayfan

Related Content you might be interested in

Current Title:

Small book image
The Complete Kubernetes Guide
Jonathan Baier | Gigi Sayfan | Jesse White
May, 2019 | 10 hours 28 minutes
No titles found
Table of Contents (26 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Introduction to Kubernetes
Introduction to Kubernetes
Technical requirements
A brief overview of containers
Why are containers so cool?
The advantages of Continuous Integration/Continuous Deployment
Microservices and orchestration
Our first clusters
Working with other providers
Summary
2
Understanding Kubernetes Architecture
Understanding Kubernetes Architecture
What is Kubernetes?
What Kubernetes is not
Understanding container orchestration
Kubernetes concepts
Diving into Kubernetes architecture in-depth
The Kubernetes APIs
Kubernetes components
Kubernetes runtimes
Continuous integration and deployment
Summary
3
Building a Foundation with Core Kubernetes Constructs
Building a Foundation with Core Kubernetes Constructs
Technical requirements
Core constructs
Our first Kubernetes application
Health checks
Application scheduling
Summary
4
Working with Networking, Load Balancers, and Ingress
Working with Networking, Load Balancers, and Ingress
Technical requirements
Container networking
Advanced services
Service discovery
DNS
Multitenancy
A note on resource usage
Summary
5
Using Critical Kubernetes Resources
Using Critical Kubernetes Resources
Designing the Hue platform
Using Kubernetes to build the Hue platform
Separating internal and external services
Using namespace to limit access
Launching jobs
Mixing non-cluster components
Employing Init Containers for orderly pod bring-up
Evolving the Hue platform with Kubernetes
Summary
6
Exploring Kubernetes Storage Concepts
Exploring Kubernetes Storage Concepts
Technical requirements
Persistent storage
StatefulSets
Summary
7
Monitoring and Logging
Monitoring and Logging
Technical requirements
Monitoring operations
Built-in monitoring
FluentD and Google Cloud Logging
Maturing our monitoring operations
Summary
8
Monitoring, Logging, and Troubleshooting
Monitoring, Logging, and Troubleshooting
Monitoring Kubernetes with Heapster
Installing Heapster
InfluxDB backend
Performance analysis with the dashboard
Detecting node problems
Troubleshooting scenarios
Designing robust systems
Hardware failure
Using Prometheus
Summary
9
Operating Systems, Platforms, and Cloud and Local Providers
Operating Systems, Platforms, and Cloud and Local Providers
Technical requirements
The importance of standards
The OCI
CNCF
Standard container specification
CoreOS
Kubernetes with CoreOS
Tectonic
Hosted platforms
Summary
10
Creating Kubernetes Clusters
Creating Kubernetes Clusters
A quick single-node cluster with Minikube
Creating a multinode cluster using kubeadm
Creating clusters in the cloud (GCP, AWS, and Azure)
Creating a bare-metal cluster from scratch
The process
Using virtual private cloud infrastructure
Summary
11
Cluster Federation and Multi-Tenancy
Cluster Federation and Multi-Tenancy
Technical requirements
Introduction to federation
Why federation?
Setting up federation
True multi-cloud
Summary
12
Cluster Authentication, Authorization, and Container Security
Cluster Authentication, Authorization, and Container Security
Basics of container security
Image repositories
Kubernetes cluster security
Securing sensitive application data (secrets)
Summary
13
Running Stateful Applications with Kubernetes
Running Stateful Applications with Kubernetes
Stateful versus stateless applications in Kubernetes
Shared environment variables versus DNS records for discovery
Running a Cassandra cluster in Kubernetes
Summary
14
Rolling Updates, Scalability, and Quotas
Rolling Updates, Scalability, and Quotas
Horizontal pod autoscaling
Performing rolling updates with autoscaling
Handling scarce resources with limits and quotas
Choosing and managing the cluster capacity
Pushing the envelope with Kubernetes
Summary
15
Advanced Kubernetes Networking
Advanced Kubernetes Networking
Understanding the Kubernetes networking model
Kubernetes networking solutions
Using network policies effectively
Load balancing options
Træfic
Writing your own CNI plugin
Summary
16
Kubernetes Infrastructure Management
Kubernetes Infrastructure Management
Technical requirements
Planning a cluster
Upgrading the cluster
Scaling the cluster
Additional configuration options
Summary
17
Customizing Kubernetes - API and Plugins
Customizing Kubernetes - API and Plugins
Working with the Kubernetes API
Extending the Kubernetes API
Writing Kubernetes plugins
Employing access control webhooks
Summary
18
Handling the Kubernetes Package Manager
Handling the Kubernetes Package Manager
Understanding Helm
Using Helm
Creating your own charts
Summary
19
The Future of Kubernetes
The Future of Kubernetes
The road ahead
Competition
Education and training
Modularization and out-of-tree plugins
Service meshes and serverless frameworks
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Kubernetes cluster security

Kubernetes has continued to add a number of security features in their latest releases and has a well-rounded set of control points that can be used in your cluster – everything from secure node communication to pod security and even the storage of sensitive configuration data.

Secure API calls

During every API call, Kubernetes applies a number of security controls. This security life cycle is depicted here:

API call life cycle

After secure TLS communication is established, the API server runs through authorization and authentication. Finally, an admission controller loop is applied to the request before it reaches the API server.

Secure node communication

Kubernetes supports the use of secure communication channels between the API server and any client, including the nodes themselves. Whether it's a GUI or command-line utility such as kubectl, we can use certificates to communicate with the API server. Hence, the API server is the central interaction point for any...

Previous Section
End of Section 4
Next Section